
Black Screen & Shut down Issue [Solved]


  • This topic is locked

#16
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

p.s : I guess RK tells me to delete some registry but I am not sure. Should I delete them?

Aye indeed, we will be dealing with these shortly...

Re-scan with AdwCleaner:

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> reboot your machine when prompted.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case should be something like S1.

Re-scan with RogueKiller:

Run the scan again as outlined prior and it will create a new log called RKreport[2].txt. I actually have no need to review this one...

After the scan is complete, click on the Delete button; once complete, click on the ShortcutsFix button.

Post the contents of both RKreport[3].txt and RKreport[4].txt in your next reply. Provide a quick update how your machine is performing now and we will go from there, thank you.


#17
ntlyke

    Member

  • Topic Starter
  • Member
  • 59 posts
AdWcleaner S2:

# AdwCleaner v2.006 - Datei am 04/11/2012 um 11:25:47 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Soner - SONER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Soner\Desktop\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (tr)

Profilname : default
Datei : C:\Users\Soner\AppData\Roaming\Mozilla\Firefox\Profiles\ven14gag.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1825 octets] - [03/11/2012 14:33:01]
AdwCleaner[S1].txt - [1758 octets] - [04/11/2012 11:21:58]
AdwCleaner[R2].txt - [1170 octets] - [04/11/2012 11:25:27]
AdwCleaner[S2].txt - [1103 octets] - [04/11/2012 11:25:47]

########## EOF - C:\AdwCleaner[S2].txt - [1163 octets] ##########



RK 3:

RogueKiller V8.2.1 [10/29/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Soner [Admin Rechte]
Funktion : Entfernen -- Datum : 11/04/2012 11:28:37

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GELÖSCHT
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ERSETZT (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-00A0RT0 ATA Device +++++
--- User ---
[MBR] f30cd2c72714e156b44264d9af3db080
[BSP] 3b6fe5f88d06c1f79063acd85d32978f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RK 4:

RogueKiller V8.2.1 [10/29/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Soner [Admin Rechte]
Funktion : Reparierte Verknüpfungen -- Datum : 11/04/2012 11:31:43

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Dateiattribute wiederhergestellt: ¤¤¤
Desktop: Success 1655 / Fail 0
Schnellstart: Success 1 / Fail 0
Programme: Success 2 / Fail 0
Startmenü: Success 1 / Fail 0
Benutzer-Ordner: Success 76 / Fail 0
Eigene Dateien: Success 0 / Fail 0
Meine Favoriten: Success 0 / Fail 0
Meine Bilder: Success 0 / Fail 0
Meine Musik: Success 0 / Fail 0
Meine Videos: Success 0 / Fail 0
Lokale Laufwerke: Success 53 / Fail 0
Sicherungskopie: [NOT FOUND]

Laufwerke:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[F:] \Device\CdRom1 -- 0x5 --> Skipped

Abgeschlossen : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



p.s : After all this, there's a new toolbar on my Chrome browser called "White Smoke". Don't know how--

p.s.s : After all this, I watched a full screen video to check how it will react, and it froze once again-

#18
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

After all this, I watched a full screen video to check how it will react, and it froze once again

Acknowledged.

After all this, there's a new toolbar on my Chrome browser called "White Smoke". Don't know how

Re-run AdWcleaner again and select the Delete option >> follow the prompts, post the new log in your next reply.

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Right-click on TDSSKiller.exe to launch it.
  • When the window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C:
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
  • Now click on Run Scan at the top left hand corner.
  • When done, one Notepad file will open. Post the new log in your next reply.


#19
ntlyke

    Member

  • Topic Starter
  • Member
  • 59 posts
ADW: It also says that I have Avast running or something like that and then the restart- Nothing else

# AdwCleaner v2.006 - Datei am 04/11/2012 um 18:17:14 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Soner - SONER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Soner\Desktop\AdwCleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gelöscht : C:\Users\Soner\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (tr)

Profilname : default
Datei : C:\Users\Soner\AppData\Roaming\Mozilla\Firefox\Profiles\ven14gag.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1825 octets] - [03/11/2012 14:33:01]
AdwCleaner[S1].txt - [1758 octets] - [04/11/2012 11:21:58]
AdwCleaner[R2].txt - [1170 octets] - [04/11/2012 11:25:27]
AdwCleaner[S2].txt - [1232 octets] - [04/11/2012 11:25:47]
AdwCleaner[R3].txt - [1858 octets] - [04/11/2012 18:17:00]
AdwCleaner[S3].txt - [1662 octets] - [04/11/2012 18:17:14]

########## EOF - C:\AdwCleaner[S3].txt - [1722 octets] ##########



TDS :



18:21:02.0862 2708 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:21:03.0018 2708 ============================================================
18:21:03.0018 2708 Current date / time: 2012/11/04 18:21:03.0018
18:21:03.0018 2708 SystemInfo:
18:21:03.0018 2708
18:21:03.0033 2708 OS Version: 6.1.7601 ServicePack: 1.0
18:21:03.0033 2708 Product type: Workstation
18:21:03.0033 2708 ComputerName: SONER-PC
18:21:03.0033 2708 UserName: Soner
18:21:03.0033 2708 Windows directory: C:\Windows
18:21:03.0033 2708 System windows directory: C:\Windows
18:21:03.0033 2708 Running under WOW64
18:21:03.0033 2708 Processor architecture: Intel x64
18:21:03.0033 2708 Number of processors: 2
18:21:03.0033 2708 Page size: 0x1000
18:21:03.0033 2708 Boot type: Normal boot
18:21:03.0033 2708 ============================================================
18:21:04.0999 2708 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:21:05.0015 2708 ============================================================
18:21:05.0015 2708 \Device\Harddisk0\DR0:
18:21:05.0015 2708 MBR partitions:
18:21:05.0015 2708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:21:05.0015 2708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
18:21:05.0015 2708 ============================================================
18:21:05.0061 2708 C: <-> \Device\Harddisk0\DR0\Partition2
18:21:05.0061 2708 ============================================================
18:21:05.0061 2708 Initialize success
18:21:05.0061 2708 ============================================================
18:22:58.0411 3172 ============================================================
18:22:58.0411 3172 Scan started
18:22:58.0411 3172 Mode: Manual; SigCheck; TDLFS;
18:22:58.0411 3172 ============================================================
18:22:59.0612 3172 ================ Scan system memory ========================
18:22:59.0612 3172 System memory - ok
18:22:59.0612 3172 ================ Scan services =============================
18:23:18.0941 3172 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:23:19.0019 3172 LanmanServer - ok
18:23:19.0050 3172 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:23:19.0159 3172 LanmanWorkstation - ok
18:23:19.0206 3172 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:23:19.0268 3172 lltdio - ok
18:23:19.0300 3172 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:23:19.0362 3172 lltdsvc - ok
18:23:19.0409 3172 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:23:19.0487 3172 lmhosts - ok
18:23:19.0518 3172 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:23:19.0534 3172 LSI_FC - ok
18:23:19.0565 3172 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:23:19.0580 3172 LSI_SAS - ok
18:23:19.0596 3172 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:23:19.0612 3172 LSI_SAS2 - ok
18:23:19.0627 3172 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:23:19.0643 3172 LSI_SCSI - ok
18:23:19.0658 3172 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:23:19.0705 3172 luafv - ok
18:23:19.0752 3172 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:23:19.0783 3172 Mcx2Svc - ok
18:23:19.0830 3172 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:23:19.0861 3172 megasas - ok
18:23:19.0877 3172 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:23:19.0908 3172 MegaSR - ok
18:23:19.0955 3172 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:23:20.0002 3172 MMCSS - ok
18:23:20.0033 3172 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:23:20.0111 3172 Modem - ok
18:23:20.0142 3172 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:23:20.0236 3172 monitor - ok
18:23:20.0267 3172 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:23:20.0282 3172 mouclass - ok
18:23:20.0345 3172 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:23:20.0407 3172 mouhid - ok
18:23:20.0438 3172 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:23:20.0454 3172 mountmgr - ok
18:23:20.0532 3172 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:23:20.0563 3172 MozillaMaintenance - ok
18:23:20.0594 3172 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:23:20.0626 3172 mpio - ok
18:23:20.0626 3172 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:23:20.0672 3172 mpsdrv - ok
18:23:20.0750 3172 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:23:20.0860 3172 MpsSvc - ok
18:23:20.0891 3172 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:23:20.0969 3172 MRxDAV - ok
18:23:21.0000 3172 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:21.0062 3172 mrxsmb - ok
18:23:21.0109 3172 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:21.0140 3172 mrxsmb10 - ok
18:23:21.0156 3172 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:21.0187 3172 mrxsmb20 - ok
18:23:21.0234 3172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:23:21.0250 3172 msahci - ok
18:23:21.0265 3172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:23:21.0296 3172 msdsm - ok
18:23:21.0312 3172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:23:21.0374 3172 MSDTC - ok
18:23:21.0421 3172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:23:21.0499 3172 Msfs - ok
18:23:21.0530 3172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:23:21.0671 3172 mshidkmdf - ok
18:23:21.0702 3172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:23:21.0718 3172 msisadrv - ok
18:23:21.0780 3172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:23:21.0889 3172 MSiSCSI - ok
18:23:21.0889 3172 msiserver - ok
18:23:21.0952 3172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:23:22.0061 3172 MSKSSRV - ok
18:23:22.0092 3172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:22.0186 3172 MSPCLOCK - ok
18:23:22.0201 3172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:23:22.0264 3172 MSPQM - ok
18:23:22.0295 3172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:23:22.0326 3172 MsRPC - ok
18:23:22.0342 3172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:22.0373 3172 mssmbios - ok
18:23:22.0404 3172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:23:22.0482 3172 MSTEE - ok
18:23:22.0513 3172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:23:22.0529 3172 MTConfig - ok
18:23:22.0560 3172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:23:22.0576 3172 Mup - ok
18:23:22.0622 3172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:23:22.0685 3172 napagent - ok
18:23:22.0732 3172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:23:22.0825 3172 NativeWifiP - ok
18:23:22.0888 3172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:23:22.0966 3172 NDIS - ok
18:23:22.0997 3172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:23:23.0122 3172 NdisCap - ok
18:23:23.0153 3172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:23.0231 3172 NdisTapi - ok
18:23:23.0262 3172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:23.0324 3172 Ndisuio - ok
18:23:23.0340 3172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:23.0418 3172 NdisWan - ok
18:23:23.0449 3172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:23:23.0558 3172 NDProxy - ok
18:23:23.0590 3172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:23:23.0652 3172 NetBIOS - ok
18:23:23.0683 3172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:23:23.0746 3172 NetBT - ok
18:23:23.0761 3172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:23:23.0792 3172 Netlogon - ok
18:23:23.0839 3172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:23:23.0964 3172 Netman - ok
18:23:23.0980 3172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:23:24.0089 3172 netprofm - ok
18:23:24.0120 3172 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:23:24.0151 3172 NetTcpPortSharing - ok
18:23:24.0198 3172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:23:24.0245 3172 nfrd960 - ok
18:23:24.0292 3172 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:23:24.0448 3172 NlaSvc - ok
18:23:24.0463 3172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:23:24.0541 3172 Npfs - ok
18:23:24.0557 3172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:23:24.0635 3172 nsi - ok
18:23:24.0666 3172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:23:24.0744 3172 nsiproxy - ok
18:23:24.0838 3172 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:23:24.0947 3172 Ntfs - ok
18:23:24.0978 3172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:23:25.0040 3172 Null - ok
18:23:25.0072 3172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:23:25.0103 3172 nvraid - ok
18:23:25.0150 3172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:23:25.0181 3172 nvstor - ok
18:23:25.0228 3172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:23:25.0259 3172 nv_agp - ok
18:23:25.0259 3172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:23:25.0290 3172 ohci1394 - ok
18:23:25.0321 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:23:25.0384 3172 p2pimsvc - ok
18:23:25.0415 3172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:23:25.0477 3172 p2psvc - ok
18:23:25.0524 3172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:23:25.0571 3172 Parport - ok
18:23:25.0618 3172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:23:25.0664 3172 partmgr - ok
18:23:25.0680 3172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:23:25.0727 3172 PcaSvc - ok
18:23:25.0758 3172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:23:25.0789 3172 pci - ok
18:23:25.0805 3172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:23:25.0836 3172 pciide - ok
18:23:25.0867 3172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:23:25.0898 3172 pcmcia - ok
18:23:25.0898 3172 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:23:25.0930 3172 pcw - ok
18:23:25.0945 3172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:23:26.0008 3172 PEAUTH - ok
18:23:26.0070 3172 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:23:26.0195 3172 PeerDistSvc - ok
18:23:26.0288 3172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:23:26.0382 3172 PerfHost - ok
18:23:26.0476 3172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:23:26.0616 3172 pla - ok
18:23:26.0663 3172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:23:26.0756 3172 PlugPlay - ok
18:23:26.0788 3172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:23:26.0850 3172 PNRPAutoReg - ok
18:23:26.0881 3172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:23:26.0928 3172 PNRPsvc - ok
18:23:26.0975 3172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:23:27.0084 3172 PolicyAgent - ok
18:23:27.0115 3172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:23:27.0178 3172 Power - ok
18:23:27.0240 3172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:23:27.0365 3172 PptpMiniport - ok
18:23:27.0396 3172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:23:27.0458 3172 Processor - ok
18:23:27.0505 3172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:23:27.0583 3172 ProfSvc - ok
18:23:27.0614 3172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:23:27.0646 3172 ProtectedStorage - ok
18:23:27.0677 3172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:23:27.0739 3172 Psched - ok
18:23:27.0786 3172 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:23:27.0817 3172 PSI_SVC_2 - ok
18:23:27.0864 3172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:23:27.0926 3172 ql2300 - ok
18:23:27.0958 3172 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:23:27.0989 3172 ql40xx - ok
18:23:28.0036 3172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:23:28.0082 3172 QWAVE - ok
18:23:28.0098 3172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:23:28.0145 3172 QWAVEdrv - ok
18:23:28.0192 3172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:23:28.0270 3172 RasAcd - ok
18:23:28.0301 3172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:23:28.0363 3172 RasAgileVpn - ok
18:23:28.0394 3172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:23:28.0504 3172 RasAuto - ok
18:23:28.0535 3172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:28.0628 3172 Rasl2tp - ok
18:23:28.0660 3172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:23:28.0722 3172 RasMan - ok
18:23:28.0769 3172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:28.0847 3172 RasPppoe - ok
18:23:28.0878 3172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:23:28.0940 3172 RasSstp - ok
18:23:28.0987 3172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:23:29.0096 3172 rdbss - ok
18:23:29.0128 3172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:23:29.0190 3172 rdpbus - ok
18:23:29.0221 3172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:29.0284 3172 RDPCDD - ok
18:23:29.0346 3172 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:23:29.0440 3172 RDPDR - ok
18:23:29.0471 3172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:23:29.0596 3172 RDPENCDD - ok
18:23:29.0611 3172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:23:29.0674 3172 RDPREFMP - ok
18:23:29.0705 3172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:23:29.0798 3172 RDPWD - ok
18:23:29.0876 3172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:23:29.0892 3172 rdyboost - ok
18:23:29.0939 3172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:23:30.0017 3172 RemoteAccess - ok
18:23:30.0048 3172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:23:30.0126 3172 RemoteRegistry - ok
18:23:30.0157 3172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:23:30.0220 3172 RpcEptMapper - ok
18:23:30.0251 3172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:23:30.0298 3172 RpcLocator - ok
18:23:30.0329 3172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:23:30.0391 3172 RpcSs - ok
18:23:30.0438 3172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:23:30.0516 3172 rspndr - ok
18:23:30.0563 3172 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:23:30.0641 3172 s3cap - ok
18:23:30.0656 3172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:23:30.0672 3172 SamSs - ok
18:23:30.0703 3172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:23:30.0719 3172 sbp2port - ok
18:23:30.0750 3172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:23:30.0828 3172 SCardSvr - ok
18:23:30.0844 3172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:23:30.0922 3172 scfilter - ok
18:23:30.0968 3172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:23:31.0062 3172 Schedule - ok
18:23:31.0093 3172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:23:31.0140 3172 SCPolicySvc - ok
18:23:31.0187 3172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:23:31.0296 3172 SDRSVC - ok
18:23:31.0327 3172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:23:31.0421 3172 secdrv - ok
18:23:31.0452 3172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:23:31.0514 3172 seclogon - ok
18:23:31.0546 3172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:23:31.0608 3172 SENS - ok
18:23:31.0639 3172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:23:31.0717 3172 SensrSvc - ok
18:23:31.0764 3172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:23:31.0842 3172 Serenum - ok
18:23:31.0873 3172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:23:31.0936 3172 Serial - ok
18:23:31.0998 3172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:23:32.0060 3172 sermouse - ok
18:23:32.0123 3172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:23:32.0185 3172 SessionEnv - ok
18:23:32.0201 3172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:23:32.0216 3172 sffdisk - ok
18:23:32.0232 3172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:23:32.0263 3172 sffp_mmc - ok
18:23:32.0263 3172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:23:32.0310 3172 sffp_sd - ok
18:23:32.0310 3172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:23:32.0357 3172 sfloppy - ok
18:23:32.0388 3172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:23:32.0466 3172 SharedAccess - ok
18:23:32.0513 3172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:23:32.0622 3172 ShellHWDetection - ok
18:23:32.0653 3172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:23:32.0684 3172 SiSRaid2 - ok
18:23:32.0700 3172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:23:32.0716 3172 SiSRaid4 - ok
18:23:32.0778 3172 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:23:32.0825 3172 SkypeUpdate - ok
18:23:32.0856 3172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:23:32.0918 3172 Smb - ok
18:23:32.0981 3172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:23:33.0028 3172 SNMPTRAP - ok
18:23:33.0059 3172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:23:33.0074 3172 spldr - ok
18:23:33.0121 3172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:23:33.0184 3172 Spooler - ok
18:23:33.0308 3172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:23:33.0496 3172 sppsvc - ok
18:23:33.0527 3172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:23:33.0574 3172 sppuinotify - ok
18:23:33.0605 3172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:23:33.0698 3172 srv - ok
18:23:33.0714 3172 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:23:33.0761 3172 srv2 - ok
18:23:33.0808 3172 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:23:33.0854 3172 SrvHsfHDA - ok
18:23:33.0932 3172 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:23:34.0057 3172 SrvHsfV92 - ok
18:23:34.0104 3172 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:23:34.0135 3172 SrvHsfWinac - ok
18:23:34.0182 3172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:23:34.0244 3172 srvnet - ok
18:23:34.0307 3172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:23:34.0416 3172 SSDPSRV - ok
18:23:34.0447 3172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:23:34.0510 3172 SstpSvc - ok
18:23:34.0556 3172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:23:34.0572 3172 stexstor - ok
18:23:34.0588 3172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:23:34.0681 3172 stisvc - ok
18:23:34.0712 3172 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:23:34.0744 3172 storflt - ok
18:23:34.0775 3172 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:23:34.0822 3172 StorSvc - ok
18:23:34.0884 3172 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:23:34.0931 3172 storvsc - ok
18:23:34.0962 3172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:23:34.0993 3172 swenum - ok
18:23:35.0040 3172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:23:35.0149 3172 swprv - ok
18:23:35.0212 3172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:23:35.0383 3172 SysMain - ok
18:23:35.0414 3172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:23:35.0446 3172 TabletInputService - ok
18:23:35.0477 3172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:23:35.0539 3172 TapiSrv - ok
18:23:35.0570 3172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:23:35.0664 3172 TBS - ok
18:23:35.0758 3172 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:23:35.0867 3172 Tcpip - ok
18:23:35.0914 3172 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:23:35.0976 3172 TCPIP6 - ok
18:23:36.0023 3172 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:23:36.0116 3172 tcpipreg - ok
18:23:36.0132 3172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:23:36.0163 3172 TDPIPE - ok
18:23:36.0194 3172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:23:36.0210 3172 TDTCP - ok
18:23:36.0241 3172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:23:36.0319 3172 tdx - ok
18:23:36.0335 3172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:23:36.0350 3172 TermDD - ok
18:23:36.0397 3172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:23:36.0475 3172 TermService - ok
18:23:36.0506 3172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:23:36.0553 3172 Themes - ok
18:23:36.0553 3172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:23:36.0616 3172 THREADORDER - ok
18:23:36.0647 3172 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:23:36.0740 3172 TrkWks - ok
18:23:36.0803 3172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:23:36.0912 3172 TrustedInstaller - ok
18:23:36.0943 3172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:37.0037 3172 tssecsrv - ok
18:23:37.0052 3172 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:23:37.0115 3172 TsUsbFlt - ok
18:23:37.0162 3172 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:23:37.0208 3172 TsUsbGD - ok
18:23:37.0255 3172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:23:37.0380 3172 tunnel - ok
18:23:37.0427 3172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:23:37.0474 3172 uagp35 - ok
18:23:37.0505 3172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:23:37.0614 3172 udfs - ok
18:23:37.0676 3172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:23:37.0708 3172 UI0Detect - ok
18:23:37.0770 3172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:23:37.0801 3172 uliagpkx - ok
18:23:37.0832 3172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:23:37.0926 3172 umbus - ok
18:23:37.0957 3172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:23:38.0004 3172 UmPass - ok
18:23:38.0035 3172 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:23:38.0098 3172 UmRdpService - ok
18:23:38.0160 3172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:23:38.0316 3172 upnphost - ok
18:23:38.0347 3172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:38.0441 3172 usbccgp - ok
18:23:38.0488 3172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:23:38.0519 3172 usbcir - ok
18:23:38.0550 3172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:23:38.0612 3172 usbehci - ok
18:23:38.0644 3172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:23:38.0690 3172 usbhub - ok
18:23:38.0722 3172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:23:38.0800 3172 usbohci - ok
18:23:38.0831 3172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:23:38.0893 3172 usbprint - ok
18:23:38.0924 3172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
18:23:39.0034 3172 USBSTOR - ok
18:23:39.0080 3172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:23:39.0158 3172 usbuhci - ok
18:23:39.0205 3172 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:23:39.0283 3172 usbvideo - ok
18:23:39.0314 3172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:23:39.0392 3172 UxSms - ok
18:23:39.0424 3172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:23:39.0455 3172 VaultSvc - ok
18:23:39.0502 3172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:23:39.0564 3172 vdrvroot - ok
18:23:39.0595 3172 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:23:39.0673 3172 vds - ok
18:23:39.0689 3172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:39.0736 3172 vga - ok
18:23:39.0751 3172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:23:39.0814 3172 VgaSave - ok
18:23:39.0845 3172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:23:39.0860 3172 vhdmp - ok
18:23:39.0876 3172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:23:39.0892 3172 viaide - ok
18:23:39.0923 3172 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:23:39.0938 3172 vmbus - ok
18:23:39.0970 3172 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:23:45.0383 3172 ============================================================
18:23:45.0383 3172 Scan finished
18:23:45.0383 3172 ============================================================
18:23:45.0398 1624 Detected object count: 0
18:23:45.0398 1624 Actual detected object count: 0
18:24:03.0109 3288 Deinitialize success


OTL:

OTL logfile created on: 04.11.2012 18:25:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soner\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 66,01% Memory free
7,49 Gb Paging File | 5,96 Gb Available in Paging File | 79,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 371,78 Gb Free Space | 62,37% Space Free | Partition Type: NTFS

Computer Name: SONER-PC | User Name: Soner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Soner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 E0 18 94 B1 B2 CD 01 [binary data]
IE - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.25 14:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.10.25 14:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soner\AppData\Roaming\mozilla\Extensions
[2012.10.25 14:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Soner\AppData\Roaming\mozilla\Firefox\Profiles\ven14gag.default\extensions
[2012.10.25 14:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 08:15:12 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2012.10.11 08:15:12 | 000,002,489 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-tr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

O1 HOSTS File: ([2012.10.27 20:43:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3147729049-1134107313-2390106882-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A778F1C-805A-4C4E-BF80-E9CBAE7DAE57}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.03 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.11.03 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Bluetooth_Broadcom(2045 & 2046)_v6.2.1.0100_Win7x86x64
[2012.11.03 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\RK_Quarantine
[2012.11.03 14:34:09 | 000,526,680 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\Soner\Desktop\sweetimsetup.exe
[2012.11.02 18:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012.11.02 18:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012.11.02 18:05:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Soner\Desktop\erunt-setup.exe
[2012.11.02 16:20:22 | 000,694,375 | ---- | C] (Farbar) -- C:\Users\Soner\Desktop\FSS.exe
[2012.11.02 15:14:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Soner\Desktop\aswMBR.exe
[2012.11.02 10:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.11.02 10:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.11.02 09:54:28 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.11.01 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\ImgBurn
[2012.11.01 20:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.10.31 21:49:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Soner\Desktop\TDSSKiller.exe
[2012.10.29 15:54:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Soner\Desktop\OTL.exe
[2012.10.29 15:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[2012.10.29 15:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks3D
[2012.10.27 20:43:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.27 20:30:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.27 20:30:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.27 20:30:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.27 20:26:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.27 20:25:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.27 20:24:18 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\Soner\Desktop\ComboFix.exe
[2012.10.27 15:36:22 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Macromedia
[2012.10.26 18:57:11 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.26 18:57:11 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.26 18:57:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.10.25 20:32:20 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\CRE
[2012.10.25 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.10.25 20:19:37 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\ageof
[2012.10.25 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012.10.25 20:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012.10.25 20:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012.10.25 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\TuneUp Software
[2012.10.25 20:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.25 20:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.10.25 20:12:10 | 000,000,000 | --SD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.10.25 20:11:45 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.25 20:11:41 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\DAEMON Tools Lite
[2012.10.25 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.10.25 20:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.10.25 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\BIOS_Acer_2.15_Windows
[2012.10.25 15:52:05 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\WinZip
[2012.10.25 15:51:14 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\everest
[2012.10.25 14:10:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Mozilla
[2012.10.25 14:10:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Mozilla
[2012.10.25 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.25 14:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.25 14:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.25 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Macromedia
[2012.10.25 13:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.25 13:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.10.25 13:05:31 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2012.10.25 12:51:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.10.25 12:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.25 12:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS4
[2012.10.25 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Adobe
[2012.10.25 12:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.10.25 12:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.10.25 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.25 12:45:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.25 12:45:41 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Adobe
[2012.10.25 12:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.10.25 12:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.10.25 12:18:35 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\WinZip
[2012.10.25 12:02:53 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\AMD
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\ATI
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\ATI
[2012.10.25 12:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.25 12:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.25 12:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.25 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.25 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.25 12:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.10.25 12:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.25 12:01:15 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2012.10.25 11:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.25 11:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.25 11:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.25 11:57:53 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.25 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\My Palettes
[2012.10.25 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2012.10.25 11:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012.10.25 11:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
[2012.10.25 11:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2012.10.25 10:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.10.25 10:20:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Corel
[2012.10.25 10:09:17 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Corel
[2012.10.25 10:08:59 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Visual Studio 2008
[2012.10.25 10:08:54 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Microsoft Help
[2012.10.25 10:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.10.25 10:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.10.25 10:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.10.25 10:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012.10.25 09:33:11 | 000,000,000 | ---D | C] -- C:\Users\Soner\Documents\Vuze Downloads
[2012.10.25 09:29:32 | 000,000,000 | ---D | C] -- C:\Users\Soner\.swt
[2012.10.25 09:26:40 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Azureus
[2012.10.25 09:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012.10.25 08:51:05 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.25 08:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2012.10.25 08:51:04 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.25 08:51:02 | 000,424,016 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.25 08:51:01 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.10.25 08:50:59 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.25 08:50:55 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.25 08:49:21 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.25 08:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012.10.25 08:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012.10.24 23:16:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.10.24 23:16:03 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.10.24 23:15:59 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.10.24 23:15:59 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.10.24 23:15:59 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.10.24 23:15:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.10.24 23:15:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.10.24 23:15:59 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.10.24 23:15:58 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.10.24 10:29:34 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Mastercollection cs4
[2012.10.24 10:29:06 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]
[2012.10.24 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\bauplatz
[2012.10.24 10:09:26 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\DCIM
[2012.10.24 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Exports
[2012.10.24 07:41:46 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Soner
[2012.10.24 07:21:14 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\TU Architektur
[2012.10.24 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Portfolio
[2012.10.24 06:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.24 03:05:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.10.24 03:05:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.10.24 02:14:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.10.24 02:11:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.10.24 02:11:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.10.24 02:11:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.10.24 02:11:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.10.24 02:11:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.10.24 02:11:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.10.24 02:11:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.10.24 02:11:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.10.24 02:11:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.10.24 02:11:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.10.24 02:11:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.10.24 02:11:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.10.24 02:11:16 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.10.24 02:11:16 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.10.24 02:11:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.10.24 02:11:16 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.10.24 02:11:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.10.24 02:11:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.10.24 02:11:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.10.24 02:11:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.10.24 02:11:16 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.10.24 02:11:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.10.24 02:11:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.10.24 02:11:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.10.24 02:11:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.10.24 02:11:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.10.24 02:11:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.10.24 02:11:16 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.10.24 02:11:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.10.24 02:11:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.10.24 02:11:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.10.24 02:11:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.10.24 02:11:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.10.24 02:11:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.10.24 02:11:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.10.24 02:11:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.10.24 02:11:16 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.10.24 02:11:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.10.24 02:11:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.10.24 02:11:16 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.10.24 02:11:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.10.24 02:11:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.10.24 02:11:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.24 02:11:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.10.24 02:11:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.10.24 02:11:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.10.24 02:11:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.10.24 02:11:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.10.24 02:11:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.10.24 02:11:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.10.24 02:11:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.10.24 02:11:16 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.10.24 02:11:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.10.24 02:11:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.10.24 02:11:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.10.24 02:11:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.10.24 02:11:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.10.24 02:11:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.10.24 02:11:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.10.24 02:11:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.10.24 02:11:16 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.10.24 02:11:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.10.24 02:11:16 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.10.24 02:11:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.10.24 02:11:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.10.24 02:11:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.10.24 02:11:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.10.24 02:11:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.10.24 02:11:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.10.24 02:11:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.10.24 02:11:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.10.24 02:11:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.10.24 02:03:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.10.24 02:03:27 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.10.23 23:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.10.23 23:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.10.23 23:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.10.23 22:42:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.10.23 22:42:32 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012.10.23 22:42:32 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012.10.23 22:42:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012.10.23 22:42:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012.10.23 22:42:32 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012.10.23 22:42:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012.10.23 22:42:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012.10.23 22:42:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012.10.23 22:42:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012.10.23 22:42:30 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.10.23 22:42:23 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012.10.23 22:42:22 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012.10.23 22:42:22 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012.10.23 22:42:22 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012.10.23 22:42:22 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012.10.23 22:42:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012.10.23 22:42:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.10.23 22:42:20 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.10.23 22:42:17 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.10.23 22:42:17 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.10.23 22:42:16 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.10.23 22:42:15 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.10.23 22:42:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.10.23 22:42:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.10.23 22:42:11 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.10.23 22:42:10 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.10.23 22:42:09 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.10.23 22:42:09 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.10.23 22:42:09 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.10.23 22:42:09 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.10.23 22:42:09 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.10.23 22:42:09 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.10.23 22:42:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.10.23 22:42:09 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.10.23 22:42:09 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.10.23 22:42:08 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.10.23 22:42:08 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.10.23 22:42:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.10.23 22:42:06 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.10.23 22:42:06 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.10.23 22:42:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.10.23 22:42:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.10.23 22:42:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.10.23 22:42:00 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.10.23 22:41:59 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.10.23 22:41:58 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.10.23 22:41:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.10.23 22:41:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.23 22:41:49 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.23 22:41:49 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.23 22:41:47 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.10.23 22:41:46 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.10.23 22:41:45 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012.10.23 22:41:45 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012.10.23 22:41:45 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012.10.23 22:41:44 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012.10.23 22:41:33 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.23 22:41:33 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.23 22:41:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.23 22:41:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.23 22:41:32 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.23 22:41:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.23 22:41:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.23 22:41:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.23 22:41:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.23 22:41:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.23 22:41:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.23 22:41:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.23 22:41:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.23 22:41:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.23 22:41:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.23 22:41:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.23 22:41:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.23 22:41:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.23 22:41:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.23 22:41:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.23 22:41:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.23 22:41:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.23 22:41:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.23 22:41:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.23 22:41:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.10.23 22:41:16 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.10.23 22:41:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.10.23 22:41:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.10.23 22:41:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.10.23 22:41:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.10.23 22:41:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.23 22:41:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.10.23 22:41:05 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.10.23 22:41:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.10.23 22:41:03 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.10.23 22:41:03 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.10.23 22:41:00 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.10.23 22:41:00 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.10.23 22:41:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.10.23 22:41:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.10.23 22:41:00 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.10.23 22:41:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.10.23 22:40:51 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.10.23 22:40:49 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012.10.23 22:40:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012.10.23 22:40:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012.10.23 22:40:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.23 22:40:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.10.23 22:39:53 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.10.23 22:39:52 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.10.23 22:39:52 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.10.23 22:39:52 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.10.23 22:39:51 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.10.23 22:39:45 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012.10.23 22:39:45 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012.10.23 22:39:45 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012.10.23 22:39:45 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012.10.23 22:39:45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012.10.23 22:39:45 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012.10.23 22:39:45 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012.10.23 22:39:38 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.10.23 22:39:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012.10.23 22:39:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012.10.23 22:31:22 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Skype
[2012.10.23 22:31:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.23 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.23 22:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.23 22:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.23 22:29:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.23 22:29:38 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.10.23 22:29:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.10.23 22:29:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.10.23 22:29:34 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.10.23 22:29:30 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.10.23 22:29:29 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012.10.23 22:29:24 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.10.23 22:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.10.23 22:28:56 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.10.23 22:28:51 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.10.23 22:28:51 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.10.23 22:27:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.10.23 22:27:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.10.23 22:27:50 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.10.23 22:27:48 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.10.23 22:27:47 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.10.23 22:27:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.10.23 22:27:45 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.10.23 22:27:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.10.23 22:27:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.23 22:27:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.23 22:26:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.10.23 22:26:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.10.23 22:25:22 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.23 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.10.23 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Google
[2012.10.23 22:24:36 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Apps
[2012.10.23 22:24:35 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Deployment
[2012.10.23 20:40:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.23 19:56:18 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.10.23 19:56:18 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.10.23 19:52:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.10.23 19:52:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.10.23 19:52:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.10.23 19:52:32 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.10.23 19:52:32 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.10.23 19:52:32 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.10.23 19:52:30 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.23 19:52:29 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.23 19:52:29 | 000,000,000 | R--D | C] -- C:\Users\Soner\Searches
[2012.10.23 19:51:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.10.23 19:51:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.10.23 19:51:45 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Identities
[2012.10.23 19:51:40 | 000,000,000 | R--D | C] -- C:\Users\Soner\Contacts
[2012.10.23 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\VirtualStore
[2012.10.23 19:51:27 | 000,000,000 | --SD | C] -- C:\Users\Soner\AppData\Roaming\Microsoft
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Favorites
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Downloads
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Documents
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\Desktop
[2012.10.23 19:51:27 | 000,000,000 | R--D | C] -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Vorlagen
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Verlauf
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Temporary Internet Files
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Startmenü
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\SendTo
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Recent
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Netzwerkumgebung
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Lokale Einstellungen
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Videos
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Musik
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Eigene Dateien
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Documents\Eigene Bilder
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Druckumgebung
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Cookies
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\AppData\Local\Anwendungsdaten
[2012.10.23 19:51:27 | 000,000,000 | -HSD | C] -- C:\Users\Soner\Anwendungsdaten
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Temp
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Local\Microsoft
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData\Roaming\Media Center Programs
[2012.10.23 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\Soner\AppData
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Videos
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Saved Games
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Pictures
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Music
[2012.10.23 19:51:26 | 000,000,000 | R--D | C] -- C:\Users\Soner\Links
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.23 19:51:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.23 19:51:13 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.10.23 19:43:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.23 19:41:37 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.23 19:40:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.11.04 18:22:38 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.04 18:22:38 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.04 18:22:38 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.04 18:22:38 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.04 18:22:38 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.04 18:20:33 | 002,195,061 | ---- | M] () -- C:\Users\Soner\Desktop\tdsskiller.zip
[2012.11.04 18:18:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.04 18:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.04 18:18:13 | 3018,559,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.04 18:17:41 | 000,017,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 18:17:41 | 000,017,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 18:16:27 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.04 18:16:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 14:37:14 | 001,584,640 | ---- | M] () -- C:\Users\Soner\Desktop\RogueKiller.exe
[2012.11.03 14:36:19 | 000,001,969 | ---- | M] () -- C:\Users\Soner\Desktop\Continue SweetIM Installation.lnk
[2012.11.03 14:34:14 | 000,526,680 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Soner\Desktop\sweetimsetup.exe
[2012.11.03 14:32:31 | 000,540,977 | ---- | M] () -- C:\Users\Soner\Desktop\AdwCleaner.exe
[2012.11.02 18:05:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Soner\Desktop\erunt-setup.exe
[2012.11.02 16:20:35 | 000,694,375 | ---- | M] (Farbar) -- C:\Users\Soner\Desktop\FSS.exe
[2012.11.02 16:20:05 | 000,000,512 | ---- | M] () -- C:\Users\Soner\Desktop\MBR.dat
[2012.11.02 15:14:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Soner\Desktop\aswMBR.exe
[2012.11.02 15:04:51 | 000,000,168 | ---- | M] () -- C:\Users\Soner\defogger_reenable
[2012.11.02 14:58:33 | 000,050,477 | ---- | M] () -- C:\Users\Soner\Desktop\Defogger.exe
[2012.11.01 19:26:58 | 002,169,913 | ---- | M] () -- C:\Users\Soner\Desktop\DSC_1063.JPG
[2012.11.01 19:26:54 | 002,091,035 | ---- | M] () -- C:\Users\Soner\Desktop\DSC_1024.JPG
[2012.10.31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Soner\Desktop\TDSSKiller.exe
[2012.10.29 15:54:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soner\Desktop\OTL.exe
[2012.10.29 15:24:11 | 000,283,779 | ---- | M] () -- C:\Users\Soner\Desktop\Unbenannt3.png
[2012.10.27 20:43:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.27 20:24:37 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\Soner\Desktop\ComboFix.exe
[2012.10.27 20:14:31 | 000,007,604 | ---- | M] () -- C:\Users\Soner\AppData\Local\Resmon.ResmonCfg
[2012.10.26 18:57:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.26 18:57:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.25 20:32:35 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.25 20:11:45 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.10.25 15:40:06 | 002,902,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.25 14:14:16 | 000,084,029 | ---- | M] () -- C:\Users\Soner\Desktop\Unbenannt.png
[2012.10.25 14:10:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.25 14:05:37 | 000,023,495 | ---- | M] () -- C:\Windows\SysNative\energy-report.html
[2012.10.25 14:05:37 | 000,023,495 | ---- | M] () -- C:\Users\Soner\Desktop\energy-report.html
[2012.10.25 13:04:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.10.25 08:50:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.10.24 02:11:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.10.24 02:11:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.10.24 02:11:16 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.10.24 02:11:16 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.10.24 02:11:16 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.10.24 02:11:16 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.10.24 02:11:16 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.10.24 02:11:16 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.10.24 02:11:16 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.10.24 02:11:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.10.24 02:11:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.10.24 02:11:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.10.24 02:11:16 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.10.24 02:11:16 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.10.24 02:11:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.10.24 02:11:16 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.10.24 02:11:16 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.10.24 02:11:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.10.24 02:11:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.10.24 02:11:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.10.24 02:11:16 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.10.24 02:11:16 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.10.24 02:11:16 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.10.24 02:11:16 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.10.24 02:11:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.10.24 02:11:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.10.24 02:11:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.10.24 02:11:16 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.10.24 02:11:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.10.24 02:11:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.10.24 02:11:16 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.10.24 02:11:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.10.24 02:11:16 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.10.24 02:11:16 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.10.24 02:11:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.10.24 02:11:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.10.24 02:11:16 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.10.24 02:11:16 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.10.24 02:11:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.10.24 02:11:16 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.10.24 02:11:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.10.24 02:11:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.10.24 02:11:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.24 02:11:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.10.24 02:11:16 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.10.24 02:11:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.10.24 02:11:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.10.24 02:11:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.10.24 02:11:16 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.10.24 02:11:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.10.24 02:11:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.10.24 02:11:16 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.10.24 02:11:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.10.24 02:11:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.10.24 02:11:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.10.24 02:11:16 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.10.24 02:11:16 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.10.24 02:11:16 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.10.24 02:11:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 02:11:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.24 02:11:16 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.10.24 02:11:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.10.24 02:11:16 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.10.24 02:11:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.10.24 02:11:16 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.10.24 02:11:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.10.24 02:11:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.10.24 02:11:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.10.24 02:11:16 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.10.24 02:11:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.10.24 02:11:16 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.10.24 02:11:16 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.10.24 02:11:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.10.24 02:11:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.10.23 22:29:22 | 000,002,251 | ---- | M] () -- C:\Users\Soner\Desktop\Google Chrome.lnk
[2012.10.23 19:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.23 19:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.23 19:43:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.23 19:43:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012.11.04 18:20:30 | 002,195,061 | ---- | C] () -- C:\Users\Soner\Desktop\tdsskiller.zip
[2012.11.03 14:37:09 | 001,584,640 | ---- | C] () -- C:\Users\Soner\Desktop\RogueKiller.exe
[2012.11.03 14:36:12 | 000,001,969 | ---- | C] () -- C:\Users\Soner\Desktop\Continue SweetIM Installation.lnk
[2012.11.03 14:32:20 | 000,540,977 | ---- | C] () -- C:\Users\Soner\Desktop\AdwCleaner.exe
[2012.11.02 16:20:05 | 000,000,512 | ---- | C] () -- C:\Users\Soner\Desktop\MBR.dat
[2012.11.02 15:04:51 | 000,000,168 | ---- | C] () -- C:\Users\Soner\defogger_reenable
[2012.11.02 14:58:32 | 000,050,477 | ---- | C] () -- C:\Users\Soner\Desktop\Defogger.exe
[2012.11.01 19:25:03 | 002,091,035 | ---- | C] () -- C:\Users\Soner\Desktop\DSC_1024.JPG
[2012.11.01 19:25:01 | 002,169,913 | ---- | C] () -- C:\Users\Soner\Desktop\DSC_1063.JPG
[2012.10.29 15:24:11 | 000,283,779 | ---- | C] () -- C:\Users\Soner\Desktop\Unbenannt3.png
[2012.10.27 20:30:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.27 20:30:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.27 20:30:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.27 20:30:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.27 20:30:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.27 20:06:53 | 000,007,604 | ---- | C] () -- C:\Users\Soner\AppData\Local\Resmon.ResmonCfg
[2012.10.26 18:57:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.25 20:32:35 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.25 14:14:16 | 000,084,029 | ---- | C] () -- C:\Users\Soner\Desktop\Unbenannt.png
[2012.10.25 14:11:16 | 000,023,495 | ---- | C] () -- C:\Users\Soner\Desktop\energy-report.html
[2012.10.25 14:10:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.25 14:10:22 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.25 14:05:37 | 000,023,495 | ---- | C] () -- C:\Windows\SysNative\energy-report.html
[2012.10.25 13:04:51 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.10.25 09:26:59 | 000,001,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012.10.25 08:50:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.24 02:11:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 02:11:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.23 22:29:22 | 000,002,251 | ---- | C] () -- C:\Users\Soner\Desktop\Google Chrome.lnk
[2012.10.23 22:25:21 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:25:19 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 19:52:51 | 000,001,443 | ---- | C] () -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.23 19:52:51 | 000,001,409 | ---- | C] () -- C:\Users\Soner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.23 19:45:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.23 19:44:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.23 19:43:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.23 19:43:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.23 19:40:45 | 3018,559,488 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#20
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

ADW: It also says that I have Avast running or something like that and then the restart- Nothing else

Not a problem, nor a cause for concern.

Though the current version of avast you have installed is out of date, we can address that in due course.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the Quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O4 - HKLM..\Run: [] File not found
[2012.11.03 14:34:09 | 000,526,680 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\Soner\Desktop\sweetimsetup.exe
[2012.10.24 10:29:06 | 000,000,000 | ---D | C] -- C:\Users\Soner\Desktop\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]

:Files
ipconfig /flushdns /c
C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click on mbam-setup-1.65.1.1000.exe and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

#21
ntlyke

    Member

  • Topic Starter
  • Member
  • 59 posts
After I followed the instructions, I opened a movie to check my laptop's performance. After an hour with fullscreen it froze again.

OTL _

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Soner\Desktop\sweetimsetup.exe moved successfully.
C:\Users\Soner\Desktop\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen folder moved successfully.
C:\Users\Soner\Desktop\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi] folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Soner\Desktop\cmd.bat deleted successfully.
C:\Users\Soner\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Soner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Soner
->Temp folder emptied: 19551640 bytes
->Temporary Internet Files folder emptied: 23220332 bytes
->FireFox cache emptied: 76538198 bytes
->Google Chrome cache emptied: 8562395 bytes
->Flash cache emptied: 10225491 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36098902 bytes
RecycleBin emptied: 1841148 bytes

Total Files Cleaned = 168,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11042012_203437

Files\Folders moved on Reboot...
C:\Users\Soner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



MBAM :


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Soner :: SONER-PC [administrator]

04.11.2012 20:45:10
mbam-log-2012-11-04 (20-45-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200771
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#22
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

After I followed the instructions, I opened a movie to check my laptop's performance. After an hour with fullscreen it froze again.

What exact form/type of media software were you using to view the movie?

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then right-click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#23
ntlyke

ntlyke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Finally found something. But to be honest I don't think these cause that problem, because I had all the listed files for 2 years and it worked perfectly.

LOG :

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c4a1640aba9a9438b6d2d53199ea9d7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-05 02:42:59
# local_time=2012-11-05 03:42:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=770 16774141 100 97 917397 128782322 0 0
# compatibility_mode=5893 16776573 100 94 212515 103702300 0 0
# compatibility_mode=8192 67108863 100 0 3763 3763 0 0
# scanned=234598
# found=7
# cleaned=0
# scan_time=10929
C:\Program Files\Alwil Software\Avast5\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Desktop\Portfolio\enson\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen\Corel Graphics Suit X5 Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Documents\Vuze Downloads\Corel Draw graphic suite X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\DTLite4454-0316.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\SoftonicDownloader_for_everest.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\WinZip170.exe a variant of Win32/OpenInstall application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Packed.VMProtect.AAA trojan 00000000000000000000000000000000 I
  • 0

#24
ntlyke

ntlyke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
By the way, I was watching online, so can we call it 'Flash'? Those streaming web players. But sometimes it freezes when I browse non-Flash websites.
  • 0

#25
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

My sincere apologies for the delay, unforeseen circumstances I'm afraid...

Finally found something. But to be honest I don't think these cause that problem, because I had all the listed files for 2 years and it worked perfectly.

They will have to be removed per this forum's Terms of Use regarding such software, plus the memory related infection will require addressing also.

By the way, I was watching online, so can we call it 'Flash'? Those streaming web players. But sometimes it freezes when I browse non-Flash websites.

Feasible it is Adobe Flash Player related, as in the installation may be damaged, and/or the aforementioned memory related infection. Also, can you inform myself in your next reply which browser you have been using when the lock-ups have occurred?

Disable Windows Defender:

  • Launch Windows Defender via Start (Windows 7 Orb), Control Panel, Windows Defender and go to Tools >> Options.
  • There will be a list of configuration options.
  • Scroll down to the end of the list to Administrator options.
  • De-select the Use Windows Defender box and press the Save button.
  • Now you will receive a notification saying that Windows Defender is turned off.
  • Click on Save then Close on the Notification that appears.
A graphical tutorial explaining the above can be viewed here.

You may re-enable this when I give the all clear, though personally I would leave it disabled as it is not a particularly effective application and unfortunately it cannot be uninstalled because it is an integral part of the Windows 7 Operating System.

Uninstall Avast:

Follow the instructions here to fully remove your presently installed/out of date version of Avast (we will be updating shortly).

Re-scan with ESET Online Scanner:

Re-run the ESET Online Scanner again per my prior instruction in post #22. Though this time no need to disable anything as we have just removed Avast.

Ensure the option Remove found threats is checked, when completed post the new log in your next reply.

Download/reinstall Avast:

Download and install Avast! Free Antivirus 7.0.1474 from here.
  • 0


#26
ntlyke

ntlyke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I was using Google Chrome when all (I guess all of them) these problems occurred. But however, twice it froze on a Skype full screen video call.



[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c4a1640aba9a9438b6d2d53199ea9d7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-05 02:42:59
# local_time=2012-11-05 03:42:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=770 16774141 100 97 917397 128782322 0 0
# compatibility_mode=5893 16776573 100 94 212515 103702300 0 0
# compatibility_mode=8192 67108863 100 0 3763 3763 0 0
# scanned=234598
# found=7
# cleaned=0
# scan_time=10929
C:\Program Files\Alwil Software\Avast5\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Desktop\Portfolio\enson\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen\Corel Graphics Suit X5 Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Documents\Vuze Downloads\Corel Draw graphic suite X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\DTLite4454-0316.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\SoftonicDownloader_for_everest.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\WinZip170.exe a variant of Win32/OpenInstall application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Packed.VMProtect.AAA trojan 00000000000000000000000000000000 I
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7c4a1640aba9a9438b6d2d53199ea9d7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-06 08:06:37
# local_time=2012-11-06 09:06:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 3845 3845 0 0
# compatibility_mode=5893 16776574 100 94 66887 103852927 0 0
# compatibility_mode=8192 67108863 100 0 154390 154390 0 0
# scanned=234592
# found=5
# cleaned=5
# scan_time=9320
C:\Users\Soner\Desktop\Portfolio\enson\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen\Corel Graphics Suit X5 Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Documents\Vuze Downloads\Corel Draw graphic suite X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\DTLite4454-0316.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\SoftonicDownloader_for_everest.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\WinZip170.exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0
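
The two ESET logs in post #26 can be compared mechanically. The following is an added example, not part of the original posts or of ESET's tooling: it parses the detection lines as they appear in this copy of the thread (space-separated) and sorts the first scan's detections by what the second scan reports. The regular expression and the names parse and compare are assumptions of this example.

```python
import re

# Counters and detection lines copied from the two ESET logs posted above.
SCAN_1 = r"""# found=7
# cleaned=0
C:\Program Files\Alwil Software\Avast5\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Desktop\Portfolio\enson\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen\Corel Graphics Suit X5 Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Documents\Vuze Downloads\Corel Draw graphic suite X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\DTLite4454-0316.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\SoftonicDownloader_for_everest.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Soner\Downloads\WinZip170.exe a variant of Win32/OpenInstall application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Packed.VMProtect.AAA trojan 00000000000000000000000000000000 I
"""
SCAN_2 = r"""# found=5
# cleaned=5
C:\Users\Soner\Desktop\Portfolio\enson\Corel DRAW Graphics Suite X5 EN + KEYGEN [bertbosi]\keygen\Corel Graphics Suit X5 Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Documents\Vuze Downloads\Corel Draw graphic suite X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\DTLite4454-0316.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\SoftonicDownloader_for_everest.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Soner\Downloads\WinZip170.exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Assumed line layout: <target> [a variant of] <name> <kind> [(action)] <hash> <flag>
DETECTION = re.compile(
    r"^(?P<target>.+?) (?:a variant of )?(?P<name>Win32/\S+) "
    r"(?P<kind>trojan|application)(?: \((?P<action>[^)]*)\))? "
    r"(?P<hash>[0-9a-f]{32}) (?P<flag>[IC])$")

def parse(log):
    """Return (header dict, {target: detection fields}) for one scan log."""
    header, hits = {}, {}
    for line in log.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif (m := DETECTION.match(line)):
            hits[m["target"]] = m.groupdict()
    return header, hits

def compare(before, after):
    """Sort each first-scan detection by what the second scan says about it."""
    old, new = parse(before)[1], parse(after)[1]
    result = {"cleaned": [], "still_present": [], "no_longer_reported": []}
    for target, det in old.items():
        action = new.get(target, {}).get("action") or ""
        bucket = ("no_longer_reported" if target not in new else
                  "cleaned" if action.startswith("cleaned") else "still_present")
        result[bucket].append((target, det["name"]))
    return result
```

On these logs the five application detections come back as cleaned, while the ashBase.dll and ${Memory} entries are simply absent from the second scan, which was run after Avast was uninstalled.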

#27
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I was using Google Chrome when all (I guess all of them) these problems occurred. But however, twice it froze on a Skype full screen video call.

Acknowledged, for now run the below scan for me please...

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

  • 0

#28
ntlyke

ntlyke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  • 0

#29
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Let's update some software as follows, shall we...

Download and install FileHippo Update Checker from here.

Once installed >> Click on Start (Windows 7 Orb) >> All Programs >> Update Checker >> a browser window will open after the scan is complete.

Download any updates detected to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.

Re-install the updated software...

When completed the above let myself know and we will go from there, thank you.

Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
  • 0

#30
ntlyke

ntlyke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
All done.

Skype, Flash Player and Daemon Tools were to be updated, but I only re-installed Flash, nothing more (deleted the others).

And also I haven't changed anything for the BETA uploads (Chrome & Firefox).

Thanks.
  • 0
