Log analysis and evaluation: Infection with locked Trojan

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.06.2012, 21:14 | #1 |
Infection with locked Trojan

Hello everyone, this morning the encryption Trojan became active on my machine. I noticed it when various programs would no longer start. While troubleshooting I then noticed the lovely "locked-" files. Although it was apparently only active for about 12 minutes before MSE put it into quarantine, it encrypted more than 50,000 files, which I was nevertheless able to restore with the decrypter tool. The OTL log files follow:

OTL.txt:

OTL logfile created on: 06.06.2012 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free
15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.06 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.29 13:45:40 | 001,626,952 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.03.20 00:58:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.19 16:42:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.06 02:47:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 00:06:48 | 003,280,208 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.22 15:59:00 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.03 19:57:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.01 15:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.08.24 19:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/20 10:54:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.05.10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF DA FE E7 F4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {5E0392FD-BFF4-4931-AFF0-2B13B19635EC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E0392FD-BFF4-4931-AFF0-2B13B19635EC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 19:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.20 01:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 16:20:44 | 000,000,000 | ---D | M]

[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.05.20 01:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions
[2011.04.07 11:20:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011.05.26 11:02:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{ff0981f1-9827-44a3-88cd-e760430793c9}
[2011.08.09 12:16:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\DeviceDetection@logitech.com
[2011.08.05 22:26:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\https-everywhere@eff.org
[2012.05.20 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 10:13:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [TVgenial] C:\Program Files (x86)\TVgenial\TVgenial.exe (ARAKON TVgenial Systems GbR)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] -
C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351D8CE3-E5D2-4ED1-8315-AA4EDD4663F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B4B76D-4E68-4B4E-B387-020CD9EC3264}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.06 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 14:33:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.06 11:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2012.06.05 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
[2012.06.05 18:34:36 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2012.06.05 18:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2012.06.05 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.06.05 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.06.05 17:51:55 | 000,000,000 | ---D | C] -- C:\Program
Files (x86)\SlySoft [2012.06.01 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.05.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLT [2012.05.24 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ZinioTabletReader [2012.05.22 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.19 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.09 20:25:29 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.05.09 18:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.05.09 18:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.05.09 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.05.09 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.06 21:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000UA.job [2012.06.06 21:51:38 | 000,000,250 | ---- | M] () -- C:\Windows\Brownie.ini [2012.06.06 21:49:39 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.06 21:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.06 21:06:36 | 000,002,765 | ---- | M] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk [2012.06.06 21:06:36 | 000,002,759 | ---- 
| M] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk [2012.06.06 21:06:36 | 000,002,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk [2012.06.06 21:04:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.06 21:01:08 | 000,000,083 | ---- | M] () -- C:\ProgramData\.zreglib [2012.06.06 21:01:08 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6 [2012.06.06 19:20:52 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.06 19:20:49 | 000,000,847 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2012.06.06 19:10:50 | 001,805,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.06 19:10:50 | 000,774,964 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.06 19:10:50 | 000,716,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.06 19:10:50 | 000,175,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.06 19:10:50 | 000,143,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 19:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.06 19:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.06 19:03:11 | 2122,235,903 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 19:03:09 | 000,122,929 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.06.06 17:54:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000Core.job [2012.06.06 11:44:50 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf [2012.06.06 11:43:54 
| 000,000,847 | ---- | M] () -- C:\Users\***\locked-.recently-used.xbel.anxj
[2012.06.06 11:43:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00002C3C.LCS.tkfo
[2012.06.06 11:42:24 | 000,000,083 | ---- | M] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.06 11:42:24 | 000,000,011 | ---- | M] () -- C:\ProgramData\locked-.tv6.rntp
[2012.06.05 18:26:31 | 1805,090,816 | ---- | M] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:26:31 | 000,004,316 | ---- | M] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:21:54 | 2578,579,455 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.04 17:33:35 | 000,000,040 | ---- | M] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:10:31 | 000,000,856 | ---- | M] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | M] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.09 20:27:07 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.05.09 16:53:32 | 000,357,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.06 21:49:39 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:06:36 | 000,002,765 | ---- | C] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk
[2012.06.06 21:06:36 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk
[2012.06.06
21:01:08 | 000,000,083 | ---- | C] () -- C:\ProgramData\.zreglib [2012.06.06 21:01:08 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6 [2012.06.06 19:20:52 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.06 19:20:49 | 000,000,847 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.06.05 18:26:31 | 000,004,316 | ---- | C] () -- C:\Users\***\Documents\DVD.MDS [2012.06.05 18:23:16 | 1805,090,816 | ---- | C] () -- C:\Users\***\Documents\DVD.ISO [2012.06.05 18:21:54 | 000,008,430 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS [2012.06.05 18:08:36 | 2578,579,455 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO [2012.06.05 17:54:50 | 000,000,083 | ---- | C] () -- C:\ProgramData\locked-.zreglib.cyyp [2012.06.04 17:33:35 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI [2012.06.01 15:31:40 | 000,000,856 | ---- | C] () -- C:\Users\***\Desktop\Max Payne 3.lnk [2012.05.26 20:08:39 | 000,001,155 | ---- | C] () -- C:\Users\***\Desktop\DiRT Showdown.lnk [2012.05.25 18:12:16 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url [2012.05.24 17:03:46 | 000,002,975 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinio Tablet Reader Beta.lnk [2012.05.22 20:55:33 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Hitman Blood Money.url [2012.05.19 16:11:11 | 000,001,061 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.09 20:26:11 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.17 18:03:35 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.12.22 15:58:26 | 
000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini [2011.12.22 15:58:26 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin [2011.12.11 05:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.12.11 05:03:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.10.28 11:40:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.01 00:01:25 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.28 23:35:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI [2011.07.27 12:50:24 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf [2011.07.25 13:51:40 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.06.29 15:24:56 | 000,000,371 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.06.15 21:31:58 | 000,000,011 | ---- | C] () -- C:\ProgramData\locked-.tv6.rntp [2011.05.14 02:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI [2011.05.09 02:53:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.04.29 10:43:46 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc [2011.04.24 00:27:28 | 000,000,062 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2011.04.17 08:21:56 | 000,000,021 | ---- | C] () -- C:\Windows\Quicken.ini [2011.04.09 22:03:14 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.07 23:30:24 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.04.07 23:30:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2011.04.07 23:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.04.07 23:30:22 | 
000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI [2011.04.07 23:29:39 | 000,000,250 | ---- | C] () -- C:\Windows\Brownie.ini [2011.04.07 23:27:07 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.07 23:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT [2011.04.07 13:50:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.07 13:50:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.06 22:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.06 21:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.06 21:43:32 | 001,830,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll ========== LOP Check ========== [2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono [2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports [2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision [2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine [2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean [2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome [2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard [2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign [2012.06.06 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC [2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools [2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD [2012.04.23 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com [2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy [2012.05.02 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.06.06 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive [2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts [2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix [2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.05.13 14:51:22 | 000,000,000 | ---D | M] 
-- C:\Users\***\AppData\Roaming\MusicBee [2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio [2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012 [2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube [2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising [2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games [2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo [2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.06.06 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial [2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia [2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer [2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak
[2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic
[2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2
[2009.07.14 07:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

extras.txt:

OTL Extras logfile created on: 06.06.2012 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free
15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07079019-BAC2-408D-8BE2-0613F94B82DA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{08C8B36B-515D-4AEC-B6C9-F33548CEF89F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{1A38F24D-438C-472B-88E6-6F8D4A6B6B3C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{1F370DF9-FAD4-407C-A33D-5F084AC36979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1F9A2A7A-AFDA-4A4E-88A6-62FC23EB0157}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | 
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FF0D9EC2-1642-4988-BD8F-38C1B81B2EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | "{FF4AC1FC-C051-4D63-9A3E-22DB474904A1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe | "{FF4D97F9-C97D-4B26-BA49-778A8BC74960}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe | "TCP Query User{000D9CA1-50F4-42F0-9704-93C695A0C7A4}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{0DAE883B-52B0-4507-9E60-7E6B0B1B31C3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{0FD6E3E2-C617-4AA9-999D-EF2DA8E12DF9}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | "TCP Query User{3019FBB9-DE2B-4335-9860-F0C01266E227}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | "TCP Query User{304FC0F1-D61F-4E9F-88B4-02FBFBAEDE58}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "TCP Query User{3439DE0D-71F8-44DC-892F-C9772E63B973}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{3B3C0A6F-08A5-4C53-80CD-6C7E538B9E10}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe | "TCP Query User{3BA549E6-DD8B-4180-9FA5-3B28579C6410}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\javaw.exe | "TCP Query User{3CF9F3E0-261F-4C26-B042-D6AD5535437E}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | "TCP Query User{3F66CD30-CEDB-421F-AC15-0817CE767024}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe | "TCP Query User{40032EBF-2649-4F28-B812-EAFE7D1F47C7}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe | "TCP Query User{4F8C9926-A06C-40F8-8A1C-F2A0CF8C8983}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe | "TCP Query User{5B19A9C7-D3C6-4172-AC15-D1B3DA4D14D9}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe | "TCP Query User{5B59C28C-2072-45F3-8268-B7B0A44718E6}C:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "TCP Query User{63D95FBB-4170-43D0-8C02-43E5FFC410F1}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{69223C06-CB8F-4099-A8ED-4200584D1EDE}C:\ruby\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby\bin\ruby.exe | "TCP Query User{7E1EA468-146A-492F-89A1-352E35DD3606}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe | "TCP Query User{832921BC-E7EB-494D-93D3-12CE1E92C345}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe 
| "TCP Query User{882CF7C5-4BC5-4FDA-8295-AF5E9FF6C549}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe | "TCP Query User{8979AB65-0EC5-46A8-999D-6A181E84B99B}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | "TCP Query User{8DA3B70A-5F35-4296-9F07-E1075C43AA03}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{8F10B101-6831-4B5C-B401-1D066099D02E}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{942FFE9E-1944-4805-8A76-0900DA76B229}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9D3ED476-2725-4F85-9694-122CE5EF0CF7}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "TCP Query User{A15DF8CC-6D25-425C-90AA-45A335C5828C}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "TCP Query User{A49CC675-0EB8-4E5B-A2F4-442E4821377A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A58ECADF-2AA8-44C4-976E-505CA3B71963}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query 
User{B14A4824-A0E2-4DBD-8436-16B1FFD6E08F}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe | "TCP Query User{B1E898D1-D4D3-4A91-BB50-20B8F70DAFC9}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe | "TCP Query User{B1FC11DD-1993-466B-A2EA-BB50665F0F0E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{B540861D-ED74-4C89-9B7F-8CCA5D8E3FAB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{BFA87DB6-AF59-4442-83BA-7CB596088DA9}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | "TCP Query User{C1F042D0-649C-41B1-873E-FF02A5C11C17}C:\program files (x86)\songbird\songbird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\songbird\songbird.exe | "TCP Query User{C87621CC-31D4-49A0-A7F5-CD4EF2FEB475}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe | "TCP Query User{D402CD40-CA2E-4453-926C-A38DF1021C5D}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | "TCP Query User{E99C5246-4F3D-4F50-82AC-1C59DA35F0F9}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "TCP Query User{ED93032C-4AEF-4850-81C1-37F0EEBCB775}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\videolan\vlc\vlc.exe | "TCP Query User{EE5C55F2-32F8-4D8D-B551-AFBB8E6C01AD}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe | "TCP Query User{F40CD599-028C-4824-82E7-11B6372C2348}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | "UDP Query User{085C8C6F-D791-4E8D-AA75-31E97920F53E}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{0A960B60-B5D5-40FC-A04D-C6A2C7CD762F}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe | "UDP Query User{18D8AB71-8AD4-4BE3-B602-BD5B0CBEC596}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1C868784-E21D-4D8C-A0DA-9C1370D5AC81}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | "UDP Query User{2B2C17A5-0435-4740-A8A6-56239A70E979}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game | "UDP Query User{3264D148-00FB-467C-98D9-55766283EAB1}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe | "UDP Query User{384E24B0-3C74-42FC-892F-69FA07E015C6}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe | "UDP Query User{3DD9DBA4-2B74-4E75-AE2D-34531712D980}C:\program files 
(x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe | "UDP Query User{4043920A-600C-4468-9DA6-E79FA320B2B8}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe | "UDP Query User{40DA1DD9-E312-4741-8CD4-47BACFB053AE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{4307064A-6D85-46A1-8CA5-6403B0B69D8A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4C78812C-7D18-4BD4-B277-85F8C0A4DEC6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{5B25499A-25CE-45A4-BE22-EF17046EBE15}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{5BC1F0C0-EF59-4361-937C-29F8A32281D2}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe | "UDP Query User{62028CCA-6228-450C-856A-F89371CBA1C7}C:\program files (x86)\songbird\songbird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\songbird\songbird.exe | "UDP Query User{67FAA403-A522-4E69-A49E-6226BB5B4874}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe | "UDP Query User{7079FFCB-BC7E-43DC-A12C-23DB8F7204C4}C:\ruby\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby\bin\ruby.exe | "UDP Query User{86A83B15-46FD-4799-BB39-8AAE15F4391A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{898ED02E-E04B-43ED-AB34-795FC80A86A5}C:\program files 
(x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe | "UDP Query User{8FB4F0F5-6B8E-4619-A511-74236F02ED55}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{9F49B3B8-894C-47A1-A00C-ABD45251A32A}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe | "UDP Query User{A149E5DB-B4DF-4FEE-B7C2-C63D4A2C32DD}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{A7D193C6-08D5-4F91-9473-55A455ADA7CD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{AA23AE06-0396-406E-9F69-D79AD5BE2B1F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{AB0DC069-042D-41DB-B60D-B6985F34A4D3}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe | "UDP Query User{B8E9AAC8-21B1-4B7C-AC0B-97CE4B807C52}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe | "UDP Query User{BA48FA34-1182-42C0-956F-2DBA6E50D5A6}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe | "UDP Query User{BA66B97C-A93A-4B7C-857A-34AF9D748F6A}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum 
goty\binaries\shippingpc-bmgame.exe | "UDP Query User{C0178890-7F72-4FD5-B64C-40F97760ABCA}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{C9B6733F-F770-495C-B0A8-48E7FA6B61BC}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe | "UDP Query User{CABB1D7F-1287-4828-9F42-87EE438FDE89}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe | "UDP Query User{CC31FB8D-670E-4F5C-AEDF-D20523994351}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "UDP Query User{D84BEDCC-AA3D-400D-8062-C9D5469191D2}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe | "UDP Query User{D86DDAE0-08A5-414C-9F08-954D9EBDB152}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{E65B0E4D-8946-4585-AB39-9910C70FCD1C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{E927AC7D-4EA0-4015-9889-AFFEC858C7CD}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe | "UDP Query User{EA185ACA-CC31-48B0-8920-E9C70E1B6E02}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | 
app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{F0518E07-8581-4B23-99EF-7277A50B4C40}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"UDP Query User{F09D5FA8-88D3-4AE4-9F10-78D637D0D425}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-1a471f6e-c50d-494a-a882-bedeb3d55b0d" = Renegade X Black Dawn
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}" = Mass Effect
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{281EBDB4-E1DC-48AD-AA21-1F18BC22C49E}" = Brother HL-2140
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2C87389F-F0B3-4F7B-BCDD-96E3571AECD4}" = Zinio Tablet Reader
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken DELUXE 2012
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB
Driver "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3 "{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25 "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit 
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3 "{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf "{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern 
Warfare(TM) 1.6 Patch "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" 
= Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}" = GO Contact Sync Mod "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B02A7816-AA3D-4BCB-9FEC-3ED4D5CC6E5C}" = Royal Skat "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{C3A3F865-CB15-4218-89CF-B23DA3FD1E42}_is1" = A Stroke Of Fate. 
Operation Valkyrie "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DB451A33-A351-4936-83E2-08B424445766}" = Qw Update "{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3BF6182-0310-49C2-A926-8A75516337F3}_is1" = Pole Position 2012 Version 1.0 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E8828ACA-EB7B-4412-856D-E79318840919}" = MusicBee "{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™ "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F66CEEED-256F-4DD6-9AD9-50ECF89CB286}" = ncid.Net 2.7.21 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2 "Adobe AIR" = Adobe AIR "Alan Wake_is1" = Alan Wake "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ArtMoney PRO_is1" = ArtMoney PRO v7.38 "Captain Morgane1.0" = Captain Morgane "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "Downloader" = Downloader "eMule" = eMule "ESN Sonar-0.70.4" = ESN Sonar "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Gabriel Knight - Sins of the Fathers_is1" = Gabriel Knight - Sins of the Fathers "Gabriel Knight 2 - The Beast Within_is1" = Gabriel Knight 2 - The Beast Within "Gabriel Knight 3 - Blood of the Sacred, Blood of~B6A61117_is1" = Gabriel Knight 3 - Blood of the Sacred, Blood of the Damned "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3 "Google Calendar Sync" = Google Calendar Sync "HackerEvolutionDuality" = Hacker Evolution Duality(remove only) "Haunted_is1" = Haunted "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "JDownloader" = JDownloader "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16 "Law and Order - Legacies" = Law and Order - 
Legacies "Lost Chronicles of Zerzura_is1" = Lost Chronicles of Zerzura "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Miranda IM" = Miranda IM 0.9.48 "MKVToolNix" = MKVToolNix 5.3.0 "Mozart, Das letzte Geheimnis…_is1" = MOZART de 1.0 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1 "nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1 "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Professional 2010 "OpenAL" = OpenAL "Origin" = Origin "pcsx2-r3878" = PCSX2 - Playstation 2 Emulator "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Puzzle Agent 2" = Puzzle Agent 2 "Rockstar Games Social Club" = Rockstar Games Social Club "Sniper Elite V2_is1" = Sniper Elite V2 "Songbird-release-2160" = Songbird 1.10.1 (Build 2160) "Steam App 10080" = Quantum of Solace "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 107100" = Bastion "Steam App 11440" = DiRT "Steam App 12750" = GRID "Steam App 17470" = Dead Space "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 20540" = Company of Heroes: Tales of Valor "Steam App 207270" = DiRT Showdown Demo "Steam App 20930" = The Witcher 2: Bonus Content "Steam App 21780" = Driver: Parallel Lines "Steam App 22330" = The Elder Scrolls IV: Oblivion "Steam App 22885" = Dragon Age: Origins - Ultimate - Prima Official Strategy Guide "Steam App 22896" = Tropico 4: Prima Official Strategy Guide "Steam App 28050" = Deus Ex: Human Revolution "Steam App 32370" = Star Wars: Knights of the Old 
Republic "Steam App 33440" = Driver San Francisco "Steam App 33460" = From Dust "Steam App 35140" = Batman: Arkham Asylum GOTY Edition "Steam App 39160" = Dungeon Siege III "Steam App 42640" = Blur "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 46500" = Syberia "Steam App 46510" = Syberia 2 "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 48000" = LIMBO "Steam App 48240" = Anno 2070 "Steam App 55110" = Red Faction: Armageddon "Steam App 57400" = Batman: Arkham City™ "Steam App 57690" = Tropico 4 "Steam App 6860" = Hitman: Blood Money "Steam App 71390" = Virtua Tennis 4 "Steam App 7210" = Runaway: A Road Adventure "Steam App 7220" = Runaway: The Dream of the Turtle "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8930" = Sid Meier's Civilization V "Tatort London 2" = Tatort London 2 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "The Rockin' Dead" = The Rockin' Dead "The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition "TVgenial" = TVgenial 4.10 "TwonkyManager" = TwonkyManager "uTorrent" = µTorrent "Video Strip Poker Supreme" = Video Strip Poker Supreme "VLC media player" = VLC media player 2.0.1 "webmmf" = WebM Media Foundation Components "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "xp-AntiSpy" = xp-AntiSpy 3.97-11 "Yesterday (de)" = Der Fall John Yesterday (Deutsch) "Zinio Reader" = Zinio Reader "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194 "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
08.06.2012, 14:39 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
__________________Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
08.06.2012, 20:16 | #3 |
| Infection with locked Trojan Here are the two logs, although the one from ESET probably doesn't quite meet expectations...
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.08.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: COMPUTER677 [Administrator] Schutz: Aktiviert 08.06.2012 15:55:35 mbam-log-2012-06-08 (15-55-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 871320 Laufzeit: 1 Stunde(n), 3 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: COMPUTER677 [Administrator] Schutz: Aktiviert 06.06.2012 14:36:37 mbam-log-2012-06-06 (14-36-37).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 877732 Laufzeit: 1 Stunde(n), 52 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|363CE251 (Trojan.Ransom) -> Daten: C:\Users\***\AppData\Roaming\Rprmdwdo\4AECC10A363CE25178AE.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\***\AppData\Roaming\Rprmdwdo\4AECC10A363CE25178AE.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Steam\SteamApps\common\mafia\nmss.mafia1.3trnr.exe (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3a622bd4-4557fc13 (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
08.06.2012, 20:36 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Quote:
You probably did ESET wrong; there was a big notice about that specifically. Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
__________________ Please always post log files in CODE tags |
09.06.2012, 00:24 | #5 |
| Infection with locked Trojan Damn, I had still started Chrome as admin, but since it didn't work there I used IE and then forgot to start that one as admin. Oh well, it worked the second time. Is the trainer really dangerous? I assumed it was a game hack like a thousand others. Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial= # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-08 11:18:25 # local_time=2012-06-09 01:18:25 (+0100, Mitteleuropäische Sommerzeit) # country="United Kingdom" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 37057990 90813306 0 0 # compatibility_mode=8192 67108863 100 0 15479 15479 0 0 # scanned=655288 # found=6 # cleaned=0 # scan_time=14049 C:\Program Files (x86)\Steam\SteamApps\hypocrite666\bloody good time\bin\unitlib.dll probably a variant of Win32/TrojanDownloader.Agent.ISBBRGK trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8WUYDWE\advlive_biz[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8WUYDWE\legitonlinejobs_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\67200140-56d36bb7 Java/Exploit.Agent.NBW trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-1539eb6a a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3bea1ec7-566f8acc multiple threats (unable to clean) 00000000000000000000000000000000 I |
09.06.2012, 22:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Trainers are, as a rule, an unnecessary risk; I have often seen infected ones. I have two questions before we continue: 1.) Does Windows' normal mode work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ --> Infection with locked Trojan |
09.06.2012, 23:03 | #7 |
| Infection with locked Trojan Everything seems to be running; I haven't had any more problems since the restore, and the icons are all there too. |
10.06.2012, 00:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Please make a new OTL log. If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
10.06.2012, 09:05 | #9 |
| Infection with locked Trojan OTL logfile: Code:
ATTFilter OTL logfile created on: 10.06.2012 09:50:48 - Run 2 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,23% Memory free 15,94 Gb Paging File | 13,68 Gb Available in Paging File | 85,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 240,53 Gb Free Space | 25,82% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 93,20 Gb Free Space | 10,01% Space Free | Partition Type: NTFS Drive Z: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.06 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.05.07 21:49:40 | 002,240,512 | ---- | M] (Gerhard Junker) -- C:\Program Files (x86)\ncid.Net\ncid.Net.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.29 13:45:40 | 001,626,952 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe PRC - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe PRC - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe PRC - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe PRC - [2012.03.23 18:49:19 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\***\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.03.20 00:58:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe PRC - [2008.10.17 16:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe ========== Modules (No Company Name) ========== MOD - [2012.05.20 02:02:30 | 001,604,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.resources\dc1c80a5364aa7b7ea356603d508b309\ncid.Net.resources.ni.dll MOD - [2012.05.20 02:02:29 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.PhoneNumber\39224a61e5ce3f5a01892361d7bea07f\ncid.Net.PhoneNumber.ni.dll MOD - [2012.05.20 02:02:28 | 002,476,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net\423441128e84a7f3673ac1b5f66e518d\ncid.Net.ni.exe MOD - [2012.05.10 00:05:16 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll MOD - [2012.05.10 00:05:16 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll MOD - [2012.05.10 00:05:15 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll MOD - [2012.05.10 00:04:57 | 001,880,064 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b4d98f7c7a434aff4e18cb724deae4\System.Deployment.ni.dll MOD - [2012.05.09 15:17:22 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.09 15:17:22 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll MOD - [2012.05.09 15:17:19 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012.05.09 15:17:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.09 15:17:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012.05.09 15:17:15 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.09 15:17:15 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.09 15:17:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.02.13 17:32:24 | 000,501,760 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll MOD - [2012.02.13 17:32:24 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\ikpflac.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- 
| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.19 16:42:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.06 02:47:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy) SRV - [2012.03.29 
13:43:16 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.28 00:06:48 | 003,280,208 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.22 15:59:00 | 000,024,576 | ---- | M] (Realtek Semiconductor.) 
[Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService) SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.03 19:57:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) 
[On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.01 15:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.08.24 19:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/20 10:54:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.05.10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF DA FE E7 F4 CB 01 [binary data]
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes,DefaultScope = {5E0392FD-BFF4-4931-AFF0-2B13B19635EC}
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{5E0392FD-BFF4-4931-AFF0-2B13B19635EC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 19:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.20 01:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 16:20:44 | 000,000,000 | ---D | M]
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.05.20 01:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions
[2011.04.07 11:20:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011.05.26 11:02:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{ff0981f1-9827-44a3-88cd-e760430793c9}
[2011.08.09 12:16:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\DeviceDetection@logitech.com
[2011.08.05 22:26:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\https-everywhere@eff.org
[2012.05.20 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 10:13:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [TVgenial] C:\Program Files (x86)\TVgenial\TVgenial.exe (ARAKON TVgenial Systems GbR)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351D8CE3-E5D2-4ED1-8315-AA4EDD4663F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B4B76D-4E68-4B4E-B387-020CD9EC3264}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.28 19:48:59 | 000,000,000 | R--D | M] - Z:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:43:36 | 000,000,160 | R--- | M] () - Z:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 11:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell - "" = AutoRun
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell\AutoRun\command - "" = Z:\AutoRun.exe -- [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk - C:\PROGRA~2\Google\GOOGLE~2\GOOGLE~1.EXE - (Google)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
MsConfig:64bit - StartUpReg: Super-Charger - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit:
{4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group 
SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.09 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\NFS Most Wanted
[2012.06.08 17:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.07 16:48:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GOG.com
[2012.06.06 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 14:33:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.06 11:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2012.06.05 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
[2012.06.05 18:34:36 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2012.06.05 18:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2012.06.05 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.06.05 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.06.05 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2012.06.01 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.05.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLT
[2012.05.24 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ZinioTabletReader
[2012.05.22 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.10 09:54:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000UA.job
[2012.06.10 09:52:17 | 000,000,250 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.06.10 09:49:47 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 09:49:47 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 09:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.10 09:46:26 | 001,805,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.10 09:46:26 | 000,774,964 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.10 09:46:26 | 000,716,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.10 09:46:26 | 000,175,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.10 09:46:26 | 000,143,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.10 09:42:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.10 09:41:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 09:41:56 | 2122,235,903 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 09:41:55 | 000,125,481 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.10 00:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 17:54:27 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000Core.job
[2012.06.09 15:18:13 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2012.06.07 17:14:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Episode 4 - Blackwell Deception.lnk
[2012.06.07 17:14:42 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Episode 3 - Blackwell Convergence.lnk
[2012.06.06 21:49:39 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:06:36 | 000,002,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk
[2012.06.06 21:01:08 | 000,000,083 | ---- | M] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.06.06 11:44:50 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2012.06.06 11:43:54 | 000,000,847 | ---- | M] () -- C:\Users\***\locked-.recently-used.xbel.anxj
[2012.06.06 11:43:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00002C3C.LCS.tkfo
[2012.06.06 11:42:24 | 000,000,083 | ---- | M] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.06 11:42:24 | 000,000,011 | ---- | M] () -- C:\ProgramData\locked-.tv6.rntp
[2012.06.05 18:26:31 | 1805,090,816 | ---- | M] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:26:31 | 000,004,316 | ---- | M] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:21:54 | 2578,579,455 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.04 17:33:35 | 000,000,040 | ---- | M] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:10:31 | 000,000,856 | ---- | M] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | M] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.09 11:07:18 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2012.06.07 17:14:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Episode 4 - Blackwell Deception.lnk
[2012.06.07 17:14:42 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Episode 3 - Blackwell Convergence.lnk
[2012.06.06 21:49:39 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:01:08 | 000,000,083 | ---- | C] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.06.05 18:26:31 | 000,004,316 | ---- | C] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:23:16 | 1805,090,816 | ---- | C] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.05 18:08:36 | 2578,579,455 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 17:54:50 | 000,000,083 | ---- | C] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.04 17:33:35 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:31:40 | 000,000,856 | ---- | C] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | C] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 18:03:35 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 15:58:26 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.12.22 15:58:26 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.12.11 05:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.11 05:03:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.28 11:40:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.01 00:01:25 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.28 23:35:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011.07.27 12:50:24 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2011.07.25 13:51:40 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.06.29 15:24:56 | 000,000,371 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.06.15 21:31:58 | 000,000,011 | ---- | C] () -- C:\ProgramData\locked-.tv6.rntp
[2011.05.14 02:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011.05.09 02:53:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.29 10:43:46 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2011.04.24 00:27:28 | 000,000,062 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.04.17 08:21:56 | 000,000,021 | ---- | C] () -- C:\Windows\Quicken.ini
[2011.04.09 22:03:14 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 23:30:24 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.04.07 23:30:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.04.07 23:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.07 23:30:22 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2011.04.07 23:29:39 | 000,000,250 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.04.07 23:27:07 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.07 23:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011.04.07 13:50:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.07 13:50:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.06 22:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.06 21:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.06 21:43:32 | 001,830,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll

========== LOP Check ==========

[2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono
[2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine
[2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome
[2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard
[2012.06.06
19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign [2012.06.10 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC [2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools [2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD [2012.06.07 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com [2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy [2012.06.08 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.06.10 09:49:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive [2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts [2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix [2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee [2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio [2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.10.21 14:40:43 | 000,000,000 | ---D | 
M] -- C:\Users\***\AppData\Roaming\Origin [2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012 [2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube [2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising [2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games [2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo [2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.06.10 09:48:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial [2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia [2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer [2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak [2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic [2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2 [2009.07.14 07:08:49 | 000,028,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono [2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports [2011.05.26 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AccurateRip [2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision [2012.03.15 00:49:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.11.16 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.04.06 21:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI [2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine [2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean [2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome [2011.04.08 00:09:02 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother [2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.04.07 17:25:06 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard [2011.10.20 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink [2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign [2011.04.18 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2012.06.10 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.06.05 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC [2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools [2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD [2012.06.07 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com [2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.04.06 21:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011.04.12 22:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDMComp [2011.04.17 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy [2012.06.08 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media [2012.06.10 09:49:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive [2011.04.17 08:28:31 | 000,000,000 | ---D | 
M] -- C:\Users\***\AppData\Roaming\Lexware [2011.04.06 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd [2011.04.07 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts [2011.04.07 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.06 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.04 11:00:15 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix [2011.04.07 11:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee [2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio [2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook [2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012 [2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube [2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC [2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 [2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Red Alert 3 Uprising [2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo [2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games [2011.04.26 00:48:28 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM [2012.06.10 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011.04.06 22:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2 [2011.12.22 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\teamspeak2 [2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 [2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo [2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.06.10 09:48:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial [2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia [2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer [2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2012.06.05 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2011.04.07 21:42:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR [2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1 [2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak [2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic [2012.03.15 00:50:13 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2 < %APPDATA%\*.exe /s > [2012.05.04 20:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.04.12 08:46:46 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.04 20:42:16 | 000,177,240 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.04.07 12:31:56 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.12.08 13:09:45 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe [2011.07.17 13:10:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.07.28 11:57:32 | 000,353,118 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_01B942A374BD1A39BADF98.exe [2011.07.28 11:57:32 | 000,353,118 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_853F67D554F05449430E7E.exe [2011.07.28 11:57:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_D55E299B89DAEF192CB6EB.exe [2011.11.18 18:59:47 | 000,088,102 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe [2011.04.17 08:21:56 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DB451A33-A351-4936-83E2-08B424445766}\ARPPRODUCTICON.exe [2011.04.11 16:57:24 | 000,010,134 | R--- | M] () -- 
C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.03.27 18:27:32 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\y418s5aa.default\FlashGot.exe [2011.10.18 21:47:26 | 003,123,272 | R--- | M] () -- C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe < %SYSTEMDRIVE%\*.exe > [2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2 C:\*.tmp files -> C:\*.tmp -> ] < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) 
MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 
-- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- 
C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | 
M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft 
Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC < End of report > |
10.06.2012, 15:54 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Quote:
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and do without such risky streaming sites! It is precisely such streaming sites that are responsible for the current wave of extortion malware that blocks Windows and tries to extort 50 or 100 EUR!! Do an OTL fix via OTLPE, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.28 19:48:59 | 000,000,000 | R--D | M] - Z:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:43:36 | 000,000,160 | R--- | M] () - Z:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 11:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell - "" = AutoRun
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell\AutoRun\command - "" = Z:\AutoRun.exe -- [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC
:Files
C:\Users\***\AppData\Roaming\Rprmdwdo
C:\Windows\SysWow64\kdbsdk32.dll
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! After that, Windows should start normally again - please make OTL's quarantine folder available to us. Please proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let us know when it was successful
5.) Only then switch the virus scanner back on
__________________ Please always post log files in CODE tags |
10.06.2012, 16:53 | #11 |
| Infection with locked Trojan OK, the file is uploaded. On the restart after the fix, kdbsync.exe, which OTL had moved, was reported missing. It seems to be related to the graphics drivers; was it really infected? I don't use any streaming portals, at least not for a few years now, and never on my current system. Many thanks already for your effort; it is good to know that there are people out there who help you when you are in the shit |
10.06.2012, 17:14 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan Sorry, I clicked the wrong text template; the fix should be run quite normally via OTL and not via OTLPE. Quote:
Also, I see neither the complete error message nor the complete log of the fix here.
__________________ Please always post log files in CODE tags |
10.06.2012, 19:38 | #13 |
| Infection with locked Trojan I did use OTL, got lucky... I thought the log file had been included in the uploaded ZIP. Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
File move failed. Z:\autorun.inf scheduled to be moved on reboot.
File move failed. Z:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
File E:\DVDSetup.exe not found.
ADS C:\ProgramData\TEMP:364682BC deleted successfully.
========== FILES ==========
C:\Users\Stefan\AppData\Roaming\Rprmdwdo folder moved successfully.
C:\Windows\SysWow64\kdbsdk32.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.46.1 log created on 06102012_173853

Files\Folders moved on Reboot...
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
File move failed. Z:\autorun.inf scheduled to be moved on reboot.
File move failed. Z:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
10.06.2012, 20:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with locked Trojan It may well be that the log is included, but I prefer it when the log can be seen directly in the post! Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy the content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
10.06.2012, 20:46 | #15 |
| Infection with locked Trojan Code:
ATTFilter 21:43:26.0142 2264 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 21:43:26.0205 2264 ============================================================ 21:43:26.0205 2264 Current date / time: 2012/06/10 21:43:26.0205 21:43:26.0205 2264 SystemInfo: 21:43:26.0205 2264 21:43:26.0205 2264 OS Version: 6.1.7601 ServicePack: 1.0 21:43:26.0205 2264 Product type: Workstation 21:43:26.0205 2264 ComputerName: COMPUTER677 21:43:26.0205 2264 UserName: *** 21:43:26.0205 2264 Windows directory: C:\Windows 21:43:26.0205 2264 System windows directory: C:\Windows 21:43:26.0205 2264 Running under WOW64 21:43:26.0205 2264 Processor architecture: Intel x64 21:43:26.0205 2264 Number of processors: 4 21:43:26.0205 2264 Page size: 0x1000 21:43:26.0205 2264 Boot type: Normal boot 21:43:26.0205 2264 ============================================================ 21:43:27.0422 2264 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:43:27.0422 2264 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:43:27.0422 2264 ============================================================ 21:43:27.0422 2264 \Device\Harddisk0\DR0: 21:43:27.0422 2264 MBR partitions: 21:43:27.0422 2264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:43:27.0422 2264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 21:43:27.0422 2264 \Device\Harddisk1\DR1: 21:43:27.0422 2264 MBR partitions: 21:43:27.0422 2264 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 21:43:27.0422 2264 ============================================================ 21:43:27.0422 2264 C: <-> \Device\Harddisk0\DR0\Partition1 21:43:27.0422 2264 D: <-> \Device\Harddisk1\DR1\Partition0 
21:43:27.0422 2264 ============================================================ 21:43:27.0422 2264 Initialize success 21:43:27.0422 2264 ============================================================ 21:44:25.0795 3204 ============================================================ 21:44:25.0795 3204 Scan started 21:44:25.0795 3204 Mode: Manual; SigCheck; TDLFS; 21:44:25.0795 3204 ============================================================ 21:44:26.0172 3204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 21:44:26.0221 3204 1394ohci - ok 21:44:26.0275 3204 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys 21:44:26.0305 3204 acedrv11 - ok 21:44:26.0327 3204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:44:26.0344 3204 ACPI - ok 21:44:26.0369 3204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:44:26.0378 3204 AcpiPmi - ok 21:44:26.0440 3204 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:44:26.0451 3204 AdobeARMservice - ok 21:44:26.0566 3204 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:44:26.0579 3204 AdobeFlashPlayerUpdateSvc - ok 21:44:26.0649 3204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:44:26.0668 3204 adp94xx - ok 21:44:26.0687 3204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:44:26.0698 3204 adpahci - ok 21:44:26.0708 3204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:44:26.0716 3204 adpu320 - ok 21:44:26.0734 3204 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:44:26.0757 3204 AeLookupSvc - ok 21:44:26.0805 3204 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 21:44:26.0826 3204 AFD - ok 
21:44:26.0832 3204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:44:26.0838 3204 agp440 - ok 21:44:26.0846 3204 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:44:26.0859 3204 ALG - ok 21:44:26.0862 3204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:44:26.0868 3204 aliide - ok 21:44:26.0905 3204 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe 21:44:26.0916 3204 AMD External Events Utility - ok 21:44:26.0919 3204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:44:26.0925 3204 amdide - ok 21:44:26.0930 3204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:44:26.0937 3204 AmdK8 - ok 21:44:27.0242 3204 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 21:44:27.0430 3204 amdkmdag - ok 21:44:27.0676 3204 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys 21:44:27.0697 3204 amdkmdap - ok 21:44:27.0704 3204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:44:27.0711 3204 AmdPPM - ok 21:44:27.0734 3204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:44:27.0747 3204 amdsata - ok 21:44:27.0776 3204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:44:27.0793 3204 amdsbs - ok 21:44:27.0819 3204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:44:27.0831 3204 amdxata - ok 21:44:27.0892 3204 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll 21:44:27.0914 3204 AppHostSvc - ok 21:44:27.0959 3204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:44:28.0001 3204 AppID - ok 21:44:28.0031 3204 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 21:44:28.0069 3204 
AppIDSvc - ok 21:44:28.0073 3204 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 21:44:28.0093 3204 Appinfo - ok 21:44:28.0138 3204 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:44:28.0148 3204 Apple Mobile Device - ok 21:44:28.0186 3204 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 21:44:28.0212 3204 AppMgmt - ok 21:44:28.0219 3204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:44:28.0226 3204 arc - ok 21:44:28.0232 3204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:44:28.0240 3204 arcsas - ok 21:44:28.0341 3204 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:44:28.0352 3204 aspnet_state - ok 21:44:28.0364 3204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:44:28.0398 3204 AsyncMac - ok 21:44:28.0427 3204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:44:28.0432 3204 atapi - ok 21:44:28.0479 3204 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys 21:44:28.0487 3204 AtiHDAudioService - ok 21:44:28.0548 3204 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:44:28.0600 3204 AudioEndpointBuilder - ok 21:44:28.0605 3204 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:44:28.0629 3204 AudioSrv - ok 21:44:28.0645 3204 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 21:44:28.0693 3204 AxInstSV - ok 21:44:28.0731 3204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:44:28.0752 3204 b06bdrv - ok 21:44:28.0825 3204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:44:28.0843 3204 b57nd60a - 
ok 21:44:28.0889 3204 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:44:28.0910 3204 BDESVC - ok 21:44:28.0921 3204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:44:28.0963 3204 Beep - ok 21:44:29.0015 3204 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 21:44:29.0057 3204 BFE - ok 21:44:29.0090 3204 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 21:44:29.0117 3204 BITS - ok 21:44:29.0141 3204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:44:29.0154 3204 blbdrive - ok 21:44:29.0321 3204 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 21:44:29.0338 3204 Bonjour Service - ok 21:44:29.0362 3204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:44:29.0370 3204 bowser - ok 21:44:29.0377 3204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:44:29.0386 3204 BrFiltLo - ok 21:44:29.0388 3204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:44:29.0398 3204 BrFiltUp - ok 21:44:29.0419 3204 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 21:44:29.0443 3204 Browser - ok 21:44:29.0460 3204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:44:29.0481 3204 Brserid - ok 21:44:29.0485 3204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:44:29.0493 3204 BrSerWdm - ok 21:44:29.0495 3204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:44:29.0503 3204 BrUsbMdm - ok 21:44:29.0505 3204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:44:29.0511 3204 BrUsbSer - ok 21:44:29.0516 3204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:44:29.0524 3204 BTHMODEM - ok 21:44:29.0580 
3204 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 21:44:29.0611 3204 bthserv - ok 21:44:29.0638 3204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:44:29.0659 3204 cdfs - ok 21:44:29.0709 3204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 21:44:29.0722 3204 cdrom - ok 21:44:29.0730 3204 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:44:29.0756 3204 CertPropSvc - ok 21:44:29.0760 3204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:44:29.0769 3204 circlass - ok 21:44:29.0784 3204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:44:29.0794 3204 CLFS - ok 21:44:29.0824 3204 CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 21:44:29.0829 3204 CLHNServiceForPowerDVD - ok 21:44:29.0915 3204 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:44:29.0925 3204 clr_optimization_v2.0.50727_32 - ok 21:44:29.0967 3204 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:44:29.0979 3204 clr_optimization_v2.0.50727_64 - ok 21:44:30.0048 3204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:44:30.0061 3204 clr_optimization_v4.0.30319_32 - ok 21:44:30.0097 3204 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:44:30.0109 3204 clr_optimization_v4.0.30319_64 - ok 21:44:30.0130 3204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:44:30.0143 3204 CmBatt - ok 21:44:30.0166 3204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 
21:44:30.0178 3204 cmdide - ok 21:44:30.0229 3204 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 21:44:30.0255 3204 CNG - ok 21:44:30.0258 3204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:44:30.0264 3204 Compbatt - ok 21:44:30.0277 3204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:44:30.0285 3204 CompositeBus - ok 21:44:30.0287 3204 COMSysApp - ok 21:44:30.0317 3204 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys 21:44:30.0326 3204 cpuz135 - ok 21:44:30.0330 3204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:44:30.0342 3204 crcdisk - ok 21:44:30.0373 3204 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 21:44:30.0409 3204 CryptSvc - ok 21:44:30.0428 3204 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 21:44:30.0439 3204 CSC - ok 21:44:30.0481 3204 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 21:44:30.0494 3204 CscService - ok 21:44:30.0552 3204 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys 21:44:30.0561 3204 CVirtA - ok 21:44:30.0603 3204 CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe 21:44:30.0612 3204 CyberLink PowerDVD 11.0 Monitor Service - ok 21:44:30.0632 3204 CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe 21:44:30.0644 3204 CyberLink PowerDVD 11.0 Service - ok 21:44:30.0742 3204 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe 21:44:30.0751 3204 DAUpdaterSvc - ok 21:44:30.0791 3204 DcomLaunch 
(5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:44:30.0831 3204 DcomLaunch - ok 21:44:30.0850 3204 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:44:30.0873 3204 defragsvc - ok 21:44:30.0914 3204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:44:30.0948 3204 DfsC - ok 21:44:30.0976 3204 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 21:44:30.0999 3204 Dhcp - ok 21:44:31.0020 3204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:44:31.0040 3204 discache - ok 21:44:31.0051 3204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:44:31.0058 3204 Disk - ok 21:44:31.0098 3204 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys 21:44:31.0111 3204 DNE - ok 21:44:31.0162 3204 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 21:44:31.0185 3204 Dnscache - ok 21:44:31.0203 3204 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 21:44:31.0236 3204 dot3svc - ok 21:44:31.0246 3204 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 21:44:31.0267 3204 DPS - ok 21:44:31.0306 3204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:44:31.0321 3204 drmkaud - ok 21:44:31.0386 3204 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:44:31.0399 3204 dtsoftbus01 - ok 21:44:31.0445 3204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:44:31.0467 3204 DXGKrnl - ok 21:44:31.0476 3204 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:44:31.0507 3204 EapHost - ok 21:44:31.0617 3204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:44:31.0703 3204 ebdrv - ok 21:44:31.0782 3204 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 
21:44:31.0799 3204 EFS - ok 21:44:31.0855 3204 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 21:44:31.0895 3204 ehRecvr - ok 21:44:31.0909 3204 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:44:31.0925 3204 ehSched - ok 21:44:31.0977 3204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:44:31.0997 3204 elxstor - ok 21:44:32.0021 3204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:44:32.0030 3204 ErrDev - ok 21:44:32.0084 3204 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:44:32.0122 3204 EventSystem - ok 21:44:32.0145 3204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:44:32.0167 3204 exfat - ok 21:44:32.0205 3204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:44:32.0241 3204 fastfat - ok 21:44:32.0284 3204 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 21:44:32.0315 3204 Fax - ok 21:44:32.0318 3204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:44:32.0325 3204 fdc - ok 21:44:32.0342 3204 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:44:32.0364 3204 fdPHost - ok 21:44:32.0367 3204 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:44:32.0390 3204 FDResPub - ok 21:44:32.0406 3204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:44:32.0412 3204 FileInfo - ok 21:44:32.0415 3204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:44:32.0435 3204 Filetrace - ok 21:44:32.0438 3204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:44:32.0444 3204 flpydisk - ok 21:44:32.0457 3204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:44:32.0465 3204 FltMgr - ok 21:44:32.0550 3204 FontCache 
(5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 21:44:32.0601 3204 FontCache - ok 21:44:32.0730 3204 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:44:32.0740 3204 FontCache3.0.0.0 - ok 21:44:32.0770 3204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:44:32.0782 3204 FsDepends - ok 21:44:32.0818 3204 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 21:44:32.0830 3204 Fs_Rec - ok 21:44:32.0844 3204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:44:32.0865 3204 fvevol - ok 21:44:32.0871 3204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:44:32.0884 3204 gagp30kx - ok 21:44:32.0917 3204 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:44:32.0926 3204 GEARAspiWDM - ok 21:44:32.0956 3204 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 21:44:32.0995 3204 gpsvc - ok 21:44:33.0041 3204 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:44:33.0051 3204 gupdate - ok 21:44:33.0064 3204 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:44:33.0074 3204 gupdatem - ok 21:44:33.0115 3204 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:44:33.0129 3204 gusvc - ok 21:44:33.0147 3204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:44:33.0176 3204 hcw85cir - ok 21:44:33.0227 3204 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:44:33.0249 3204 HdAudAddService - ok 21:44:33.0265 3204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:44:33.0274 3204 HDAudBus - ok 21:44:33.0277 3204 
HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:44:33.0284 3204 HidBatt - ok 21:44:33.0291 3204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:44:33.0300 3204 HidBth - ok 21:44:33.0305 3204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:44:33.0314 3204 HidIr - ok 21:44:33.0371 3204 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 21:44:33.0407 3204 hidserv - ok 21:44:33.0427 3204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:44:33.0434 3204 HidUsb - ok 21:44:33.0449 3204 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 21:44:33.0480 3204 hkmsvc - ok 21:44:33.0497 3204 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 21:44:33.0518 3204 HomeGroupListener - ok 21:44:33.0542 3204 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 21:44:33.0552 3204 HomeGroupProvider - ok 21:44:33.0559 3204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:44:33.0567 3204 HpSAMD - ok 21:44:33.0603 3204 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys 21:44:33.0636 3204 HTCAND64 - ok 21:44:33.0661 3204 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys 21:44:33.0671 3204 htcnprot - ok 21:44:33.0711 3204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:44:33.0744 3204 HTTP - ok 21:44:33.0763 3204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:44:33.0768 3204 hwpolicy - ok 21:44:33.0774 3204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:44:33.0781 3204 i8042prt - ok 21:44:33.0813 3204 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:44:33.0824 3204 iaStorV - ok 21:44:33.0923 
3204 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:44:33.0947 3204 idsvc - ok 21:44:33.0951 3204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:44:33.0957 3204 iirsp - ok 21:44:33.0994 3204 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 21:44:34.0022 3204 IKEEXT - ok 21:44:34.0040 3204 IntcAzAudAddService - ok 21:44:34.0044 3204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:44:34.0049 3204 intelide - ok 21:44:34.0074 3204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:44:34.0080 3204 intelppm - ok 21:44:34.0093 3204 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:44:34.0114 3204 IPBusEnum - ok 21:44:34.0133 3204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:44:34.0153 3204 IpFilterDriver - ok 21:44:34.0185 3204 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 21:44:34.0211 3204 iphlpsvc - ok 21:44:34.0218 3204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:44:34.0225 3204 IPMIDRV - ok 21:44:34.0240 3204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:44:34.0260 3204 IPNAT - ok 21:44:34.0345 3204 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 21:44:34.0367 3204 iPod Service - ok 21:44:34.0370 3204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:44:34.0381 3204 IRENUM - ok 21:44:34.0384 3204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:44:34.0391 3204 isapnp - ok 21:44:34.0410 3204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:44:34.0419 3204 iScsiPrt - ok 21:44:34.0471 3204 JRAID 
(50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys 21:44:34.0482 3204 JRAID - ok 21:44:34.0487 3204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:44:34.0495 3204 kbdclass - ok 21:44:34.0514 3204 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 21:44:34.0523 3204 kbdhid - ok 21:44:34.0545 3204 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:44:34.0554 3204 KeyIso - ok 21:44:34.0562 3204 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 21:44:34.0571 3204 KSecDD - ok 21:44:34.0581 3204 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 21:44:34.0593 3204 KSecPkg - ok 21:44:34.0608 3204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:44:34.0635 3204 ksthunk - ok 21:44:34.0681 3204 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:44:34.0719 3204 KtmRm - ok 21:44:34.0749 3204 L8042Kbd (df6b07438c9709336b32481feb57dd21) C:\Windows\system32\DRIVERS\L8042Kbd.sys 21:44:34.0758 3204 L8042Kbd - ok 21:44:34.0782 3204 LADF_DHP2 (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys 21:44:34.0792 3204 LADF_DHP2 - ok 21:44:34.0812 3204 LADF_SBVM (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys 21:44:34.0829 3204 LADF_SBVM - ok 21:44:34.0853 3204 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 21:44:34.0878 3204 LanmanServer - ok 21:44:34.0897 3204 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 21:44:34.0919 3204 LanmanWorkstation - ok 21:44:35.0019 3204 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 21:44:35.0037 3204 LBTServ - ok 21:44:35.0061 3204 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys 21:44:35.0068 3204 
LHidFilt - ok 21:44:35.0084 3204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:44:35.0111 3204 lltdio - ok 21:44:35.0142 3204 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:44:35.0180 3204 lltdsvc - ok 21:44:35.0183 3204 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:44:35.0204 3204 lmhosts - ok 21:44:35.0209 3204 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys 21:44:35.0214 3204 LMouFilt - ok 21:44:35.0239 3204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:44:35.0246 3204 LSI_FC - ok 21:44:35.0272 3204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:44:35.0279 3204 LSI_SAS - ok 21:44:35.0283 3204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:44:35.0290 3204 LSI_SAS2 - ok 21:44:35.0294 3204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:44:35.0301 3204 LSI_SCSI - ok 21:44:35.0324 3204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:44:35.0345 3204 luafv - ok 21:44:35.0353 3204 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys 21:44:35.0358 3204 LUsbFilt - ok 21:44:35.0423 3204 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 21:44:35.0435 3204 MBAMProtector - ok 21:44:35.0497 3204 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:44:35.0514 3204 MBAMService - ok 21:44:35.0517 3204 MBfilt - ok 21:44:35.0547 3204 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 21:44:35.0560 3204 Mcx2Svc - ok 21:44:35.0564 3204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:44:35.0573 3204 megasas - ok 21:44:35.0589 3204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) 
C:\Windows\system32\DRIVERS\MegaSR.sys 21:44:35.0603 3204 MegaSR - ok 21:44:35.0654 3204 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 21:44:35.0663 3204 MEIx64 - ok 21:44:35.0674 3204 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:44:35.0700 3204 MMCSS - ok 21:44:35.0719 3204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:44:35.0739 3204 Modem - ok 21:44:35.0766 3204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:44:35.0776 3204 monitor - ok 21:44:35.0810 3204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:44:35.0822 3204 mouclass - ok 21:44:35.0835 3204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:44:35.0847 3204 mouhid - ok 21:44:35.0874 3204 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:44:35.0887 3204 mountmgr - ok 21:44:35.0939 3204 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:44:35.0952 3204 MozillaMaintenance - ok 21:44:36.0011 3204 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 21:44:36.0028 3204 MpFilter - ok 21:44:36.0056 3204 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:44:36.0072 3204 mpio - ok 21:44:36.0113 3204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:44:36.0156 3204 mpsdrv - ok 21:44:36.0208 3204 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 21:44:36.0257 3204 MpsSvc - ok 21:44:36.0277 3204 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:44:36.0287 3204 MRxDAV - ok 21:44:36.0312 3204 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:44:36.0320 3204 mrxsmb - ok 21:44:36.0342 3204 mrxsmb10 
21:44:38.0665 3204 NTIOLib_1_0_6 (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys
21:44:38.0672 3204 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:44:38.0672 3204 NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
21:44:39.0871 3204 PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:44:39.0875 3204 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:44:39.0875 3204 PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:44:42.0780 3204 SetupARService (18a4eb256e35a6dd233c4d005835879a) C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
21:44:42.0784 3204 SetupARService ( UnsignedFile.Multi.Generic ) - warning
21:44:42.0784 3204 SetupARService - detected UnsignedFile.Multi.Generic (1)
21:44:45.0827 3204 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:44:45.0832 3204 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:44:45.0832 3204 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:44:49.0753 3204 ============================================================
21:44:49.0753 3204 Scan finished
21:44:49.0753 3204 ============================================================
21:44:49.0764 6304 Detected object count: 4
21:44:49.0764 6304 Actual detected object count: 4
21:45:01.0969 6304 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0969 6304 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:01.0970 6304 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0970 6304 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:01.0971 6304 SetupARService ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0971 6304 SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:01.0972 6304 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0972 6304 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:45:13.0908 6636 ============================================================
21:45:13.0908 6636 Scan started
21:45:13.0908 6636 Mode: Manual; SigCheck; TDLFS;
21:45:13.0908 6636 ============================================================
C:\Windows\system32\drivers\acedrv11.sys 21:45:14.0381 6636 acedrv11 - ok 21:45:14.0398 6636 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:45:14.0407 6636 ACPI - ok 21:45:14.0425 6636 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:45:14.0434 6636 AcpiPmi - ok 21:45:14.0479 6636 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:45:14.0489 6636 AdobeARMservice - ok 21:45:14.0580 6636 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:45:14.0594 6636 AdobeFlashPlayerUpdateSvc - ok 21:45:14.0638 6636 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:45:14.0658 6636 adp94xx - ok 21:45:14.0676 6636 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:45:14.0691 6636 adpahci - ok 21:45:14.0702 6636 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:45:14.0713 6636 adpu320 - ok 21:45:14.0741 6636 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:45:14.0777 6636 AeLookupSvc - ok 21:45:14.0816 6636 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 21:45:14.0826 6636 AFD - ok 21:45:14.0831 6636 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:45:14.0837 6636 agp440 - ok 21:45:14.0852 6636 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:45:14.0860 6636 ALG - ok 21:45:14.0862 6636 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:45:14.0868 6636 aliide - ok 21:45:14.0895 6636 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe 21:45:14.0906 6636 AMD External Events Utility - ok 21:45:14.0909 6636 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 
21:45:14.0915 6636 amdide - ok 21:45:14.0920 6636 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:45:14.0926 6636 AmdK8 - ok 21:45:15.0184 6636 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 21:45:15.0266 6636 amdkmdag - ok 21:45:15.0268 6636 Scan interrupted by user! 21:45:15.0268 6636 Scan interrupted by user! 21:45:15.0268 6636 Scan interrupted by user! 21:45:15.0268 6636 ============================================================ 21:45:15.0268 6636 Scan finished 21:45:15.0268 6636 ============================================================ 21:45:15.0272 7056 Detected object count: 0 21:45:15.0272 7056 Actual detected object count: 0 21:45:17.0575 6716 ============================================================ 21:45:17.0575 6716 Scan started 21:45:17.0575 6716 Mode: Manual; SigCheck; TDLFS; 21:45:17.0575 6716 ============================================================ 21:45:17.0865 6716 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 21:45:17.0881 6716 1394ohci - ok 21:45:17.0918 6716 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys 21:45:17.0930 6716 acedrv11 - ok 21:45:17.0945 6716 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:45:17.0958 6716 ACPI - ok 21:45:17.0979 6716 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:45:17.0991 6716 AcpiPmi - ok 21:45:18.0026 6716 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:45:18.0032 6716 AdobeARMservice - ok 21:45:18.0119 6716 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:45:18.0132 6716 AdobeFlashPlayerUpdateSvc - ok 21:45:18.0177 6716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:45:18.0195 6716 adp94xx - ok 
21:45:27.0662 6716 NTIOLib_1_0_6 (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys
21:45:27.0666 6716 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:45:27.0666 6716 NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
C:\Windows\system32\DRIVERS\nusb3xhc.sys 21:45:27.0850 6716 nusb3xhc - ok 21:45:27.0880 6716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:45:27.0892 6716 nvraid - ok 21:45:27.0918 6716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:45:27.0930 6716 nvstor - ok 21:45:27.0992 6716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:45:28.0005 6716 nv_agp - ok 21:45:28.0013 6716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:45:28.0025 6716 ohci1394 - ok 21:45:28.0170 6716 OODefragAgent (edd196bf2ee1f18af1bedcf68d12025f) C:\Program Files\OO Software\Defrag\oodag.exe 21:45:28.0209 6716 OODefragAgent - ok 21:45:28.0235 6716 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:45:28.0240 6716 ose - ok 21:45:28.0363 6716 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:45:28.0421 6716 osppsvc - ok 21:45:28.0466 6716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:45:28.0477 6716 p2pimsvc - ok 21:45:28.0488 6716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:45:28.0498 6716 p2psvc - ok 21:45:28.0514 6716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:45:28.0521 6716 Parport - ok 21:45:28.0565 6716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 21:45:28.0571 6716 partmgr - ok 21:45:28.0610 6716 PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 21:45:28.0614 6716 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 21:45:28.0614 6716 PassThru Service - detected UnsignedFile.Multi.Generic (1) 21:45:28.0627 6716 PcaSvc (3aeaa8b561e63452c655dc0584922257) 
C:\Windows\System32\pcasvc.dll 21:45:28.0644 6716 PcaSvc - ok 21:45:28.0655 6716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:45:28.0667 6716 pci - ok 21:45:28.0670 6716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:45:28.0678 6716 pciide - ok 21:45:28.0691 6716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:45:28.0698 6716 pcmcia - ok 21:45:28.0702 6716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:45:28.0708 6716 pcw - ok 21:45:28.0727 6716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:45:28.0752 6716 PEAUTH - ok 21:45:28.0827 6716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 21:45:28.0849 6716 PeerDistSvc - ok 21:45:28.0894 6716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:45:28.0902 6716 PerfHost - ok 21:45:29.0005 6716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:45:29.0043 6716 pla - ok 21:45:29.0069 6716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:45:29.0078 6716 PlugPlay - ok 21:45:29.0080 6716 PnkBstrA - ok 21:45:29.0083 6716 PnkBstrB - ok 21:45:29.0086 6716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:45:29.0093 6716 PNRPAutoReg - ok 21:45:29.0124 6716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:45:29.0133 6716 PNRPsvc - ok 21:45:29.0147 6716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:45:29.0171 6716 PolicyAgent - ok 21:45:29.0181 6716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:45:29.0203 6716 Power - ok 21:45:29.0218 6716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:45:29.0238 6716 PptpMiniport - ok 21:45:29.0262 6716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) 
C:\Windows\system32\DRIVERS\processr.sys 21:45:29.0268 6716 Processor - ok 21:45:29.0280 6716 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 21:45:29.0301 6716 ProfSvc - ok 21:45:29.0327 6716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:45:29.0334 6716 ProtectedStorage - ok 21:45:29.0350 6716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:45:29.0371 6716 Psched - ok 21:45:29.0443 6716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:45:29.0462 6716 ql2300 - ok 21:45:29.0558 6716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:45:29.0571 6716 ql40xx - ok 21:45:29.0622 6716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:45:29.0644 6716 QWAVE - ok 21:45:29.0650 6716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:45:29.0668 6716 QWAVEdrv - ok 21:45:29.0698 6716 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 21:45:29.0712 6716 RapiMgr - ok 21:45:29.0732 6716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:45:29.0775 6716 RasAcd - ok 21:45:29.0798 6716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:45:29.0835 6716 RasAgileVpn - ok 21:45:29.0841 6716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:45:29.0861 6716 RasAuto - ok 21:45:29.0865 6716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:45:29.0885 6716 Rasl2tp - ok 21:45:29.0901 6716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:45:29.0922 6716 RasMan - ok 21:45:29.0926 6716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:45:29.0946 6716 RasPppoe - ok 21:45:29.0949 6716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) 
C:\Windows\system32\DRIVERS\rassstp.sys 21:45:29.0969 6716 RasSstp - ok 21:45:29.0979 6716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:45:30.0000 6716 rdbss - ok 21:45:30.0003 6716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:45:30.0011 6716 rdpbus - ok 21:45:30.0032 6716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:45:30.0052 6716 RDPCDD - ok 21:45:30.0083 6716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 21:45:30.0090 6716 RDPDR - ok 21:45:30.0093 6716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:45:30.0112 6716 RDPENCDD - ok 21:45:30.0115 6716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:45:30.0135 6716 RDPREFMP - ok 21:45:30.0161 6716 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 21:45:30.0167 6716 RdpVideoMiniport - ok 21:45:30.0214 6716 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 21:45:30.0222 6716 RDPWD - ok 21:45:30.0247 6716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:45:30.0255 6716 rdyboost - ok 21:45:30.0275 6716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:45:30.0299 6716 RemoteAccess - ok 21:45:30.0311 6716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:45:30.0332 6716 RemoteRegistry - ok 21:45:30.0338 6716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:45:30.0359 6716 RpcEptMapper - ok 21:45:30.0369 6716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:45:30.0376 6716 RpcLocator - ok 21:45:30.0398 6716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:45:30.0422 6716 RpcSs - ok 21:45:30.0427 6716 rspndr 
(ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:45:30.0447 6716 rspndr - ok 21:45:30.0481 6716 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:45:30.0491 6716 RTL8167 - ok 21:45:30.0518 6716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 21:45:30.0528 6716 s3cap - ok 21:45:30.0560 6716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:45:30.0573 6716 SamSs - ok 21:45:30.0597 6716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:45:30.0610 6716 sbp2port - ok 21:45:30.0623 6716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:45:30.0657 6716 SCardSvr - ok 21:45:30.0678 6716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:45:30.0702 6716 scfilter - ok 21:45:30.0763 6716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:45:30.0805 6716 Schedule - ok 21:45:30.0820 6716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:45:30.0840 6716 SCPolicySvc - ok 21:45:30.0856 6716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:45:30.0863 6716 SDRSVC - ok 21:45:30.0895 6716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:45:30.0915 6716 secdrv - ok 21:45:30.0930 6716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:45:30.0950 6716 seclogon - ok 21:45:30.0954 6716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 21:45:30.0975 6716 SENS - ok 21:45:30.0978 6716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:45:30.0984 6716 SensrSvc - ok 21:45:30.0987 6716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:45:30.0993 6716 Serenum - ok 21:45:31.0008 6716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) 
C:\Windows\system32\DRIVERS\serial.sys 21:45:31.0014 6716 Serial - ok 21:45:31.0017 6716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:45:31.0023 6716 sermouse - ok 21:45:31.0037 6716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:45:31.0057 6716 SessionEnv - ok 21:45:31.0129 6716 SetupARService (18a4eb256e35a6dd233c4d005835879a) C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe 21:45:31.0132 6716 SetupARService ( UnsignedFile.Multi.Generic ) - warning 21:45:31.0133 6716 SetupARService - detected UnsignedFile.Multi.Generic (1) 21:45:31.0136 6716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:45:31.0148 6716 sffdisk - ok 21:45:31.0151 6716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:45:31.0163 6716 sffp_mmc - ok 21:45:31.0166 6716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:45:31.0181 6716 sffp_sd - ok 21:45:31.0184 6716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:45:31.0190 6716 sfloppy - ok 21:45:31.0209 6716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:45:31.0232 6716 SharedAccess - ok 21:45:31.0249 6716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:45:31.0271 6716 ShellHWDetection - ok 21:45:31.0274 6716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:45:31.0280 6716 SiSRaid2 - ok 21:45:31.0285 6716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:45:31.0290 6716 SiSRaid4 - ok 21:45:31.0333 6716 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe 21:45:31.0344 6716 SkypeUpdate - ok 21:45:31.0352 6716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:45:31.0393 6716 Smb - ok 
21:45:31.0399 6716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:45:31.0406 6716 SNMPTRAP - ok 21:45:31.0426 6716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:45:31.0432 6716 spldr - ok 21:45:31.0457 6716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:45:31.0481 6716 Spooler - ok 21:45:31.0576 6716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:45:31.0623 6716 sppsvc - ok 21:45:31.0694 6716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:45:31.0729 6716 sppuinotify - ok 21:45:31.0765 6716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:45:31.0774 6716 srv - ok 21:45:31.0802 6716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:45:31.0811 6716 srv2 - ok 21:45:31.0824 6716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:45:31.0832 6716 srvnet - ok 21:45:31.0852 6716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:45:31.0876 6716 SSDPSRV - ok 21:45:31.0892 6716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:45:31.0913 6716 SstpSvc - ok 21:45:31.0917 6716 Steam Client Service - ok 21:45:31.0921 6716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:45:31.0926 6716 stexstor - ok 21:45:31.0957 6716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:45:31.0972 6716 stisvc - ok 21:45:31.0977 6716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 21:45:31.0983 6716 storflt - ok 21:45:31.0986 6716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 21:45:31.0992 6716 storvsc - ok 21:45:32.0007 6716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:45:32.0012 6716 swenum - ok 21:45:32.0051 6716 
swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:45:32.0090 6716 swprv - ok 21:45:32.0092 6716 Synth3dVsc - ok 21:45:32.0332 6716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:45:32.0363 6716 SysMain - ok 21:45:32.0406 6716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:45:32.0420 6716 TabletInputService - ok 21:45:32.0437 6716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:45:32.0470 6716 TapiSrv - ok 21:45:32.0476 6716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:45:32.0497 6716 TBS - ok 21:45:32.0577 6716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:45:32.0620 6716 Tcpip - ok 21:45:32.0710 6716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:45:32.0741 6716 TCPIP6 - ok 21:45:32.0804 6716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:45:32.0838 6716 tcpipreg - ok 21:45:32.0862 6716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:45:32.0868 6716 TDPIPE - ok 21:45:32.0907 6716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:45:32.0914 6716 TDTCP - ok 21:45:32.0940 6716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:45:32.0960 6716 tdx - ok 21:45:32.0969 6716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:45:32.0975 6716 TermDD - ok 21:45:33.0026 6716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:45:33.0074 6716 TermService - ok 21:45:33.0079 6716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:45:33.0090 6716 Themes - ok 21:45:33.0129 6716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:45:33.0166 6716 THREADORDER - ok 21:45:33.0174 6716 TrkWks 
(7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:45:33.0195 6716 TrkWks - ok 21:45:33.0225 6716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:45:33.0259 6716 TrustedInstaller - ok 21:45:33.0264 6716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:45:33.0283 6716 tssecsrv - ok 21:45:33.0311 6716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:45:33.0323 6716 TsUsbFlt - ok 21:45:33.0327 6716 tsusbhub - ok 21:45:33.0353 6716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:45:33.0385 6716 tunnel - ok 21:45:33.0434 6716 TwonkyProxy - ok 21:45:33.0438 6716 TwonkyServer - ok 21:45:33.0442 6716 TwonkyWebDav - ok 21:45:33.0502 6716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:45:33.0514 6716 uagp35 - ok 21:45:33.0537 6716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:45:33.0582 6716 udfs - ok 21:45:33.0587 6716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:45:33.0595 6716 UI0Detect - ok 21:45:33.0599 6716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:45:33.0605 6716 uliagpkx - ok 21:45:33.0709 6716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:45:33.0723 6716 umbus - ok 21:45:33.0741 6716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:45:33.0754 6716 UmPass - ok 21:45:33.0768 6716 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 21:45:33.0785 6716 UmRdpService - ok 21:45:33.0849 6716 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys 21:45:33.0858 6716 UnlockerDriver5 - ok 21:45:33.0878 6716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:45:33.0918 6716 upnphost - 
ok 21:45:33.0940 6716 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 21:45:33.0943 6716 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 21:45:33.0943 6716 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 21:45:33.0957 6716 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:45:33.0965 6716 usbaudio - ok 21:45:33.0978 6716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:45:33.0984 6716 usbccgp - ok 21:45:33.0991 6716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:45:33.0999 6716 usbcir - ok 21:45:34.0058 6716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:45:34.0070 6716 usbehci - ok 21:45:34.0090 6716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:45:34.0100 6716 usbhub - ok 21:45:34.0125 6716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:45:34.0132 6716 usbohci - ok 21:45:34.0136 6716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:45:34.0145 6716 usbprint - ok 21:45:34.0157 6716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:45:34.0165 6716 USBSTOR - ok 21:45:34.0168 6716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:45:34.0175 6716 usbuhci - ok 21:45:34.0200 6716 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 21:45:34.0209 6716 usb_rndisx - ok 21:45:34.0232 6716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:45:34.0260 6716 UxSms - ok 21:45:34.0280 6716 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:45:34.0287 6716 VaultSvc - ok 21:45:34.0306 6716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:45:34.0312 6716 vdrvroot - ok 21:45:34.0345 6716 
vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:45:34.0370 6716 vds - ok 21:45:34.0374 6716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:45:34.0382 6716 vga - ok 21:45:34.0427 6716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:45:34.0462 6716 VgaSave - ok 21:45:34.0464 6716 VGPU - ok 21:45:34.0477 6716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:45:34.0485 6716 vhdmp - ok 21:45:34.0488 6716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:45:34.0493 6716 viaide - ok 21:45:34.0506 6716 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 21:45:34.0513 6716 vmbus - ok 21:45:34.0516 6716 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 21:45:34.0522 6716 VMBusHID - ok 21:45:34.0528 6716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:45:34.0534 6716 volmgr - ok 21:45:34.0557 6716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:45:34.0565 6716 volmgrx - ok 21:45:34.0581 6716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:45:34.0589 6716 volsnap - ok 21:45:34.0622 6716 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys 21:45:34.0629 6716 vpcbus - ok 21:45:34.0645 6716 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys 21:45:34.0652 6716 vpcnfltr - ok 21:45:34.0660 6716 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys 21:45:34.0667 6716 vpcusb - ok 21:45:34.0670 6716 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys 21:45:34.0676 6716 vpcuxd - ok 21:45:34.0693 6716 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys 21:45:34.0703 6716 vpcvmm - ok 21:45:34.0713 6716 vsmraid 
(5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:45:34.0720 6716 vsmraid - ok 21:45:34.0796 6716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:45:34.0834 6716 VSS - ok 21:45:34.0896 6716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:45:34.0910 6716 vwifibus - ok 21:45:34.0931 6716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:45:34.0966 6716 W32Time - ok 21:45:34.0995 6716 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll 21:45:35.0004 6716 W3SVC - ok 21:45:35.0008 6716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:45:35.0014 6716 WacomPen - ok 21:45:35.0030 6716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:45:35.0050 6716 WANARP - ok 21:45:35.0052 6716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:45:35.0071 6716 Wanarpv6 - ok 21:45:35.0074 6716 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll 21:45:35.0083 6716 WAS - ok 21:45:35.0140 6716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:45:35.0175 6716 WatAdminSvc - ok 21:45:35.0263 6716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:45:35.0294 6716 wbengine - ok 21:45:35.0325 6716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:45:35.0339 6716 WbioSrvc - ok 21:45:35.0387 6716 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 21:45:35.0405 6716 WcesComm - ok 21:45:35.0426 6716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:45:35.0439 6716 wcncsvc - ok 21:45:35.0443 6716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:45:35.0450 6716 WcsPlugInService - ok 21:45:35.0477 6716 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:45:35.0482 6716 Wd - ok 21:45:35.0518 6716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:45:35.0529 6716 Wdf01000 - ok 21:45:35.0537 6716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:45:35.0548 6716 WdiServiceHost - ok 21:45:35.0550 6716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:45:35.0560 6716 WdiSystemHost - ok 21:45:35.0576 6716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:45:35.0588 6716 WebClient - ok 21:45:35.0600 6716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:45:35.0622 6716 Wecsvc - ok 21:45:35.0627 6716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:45:35.0648 6716 wercplsupport - ok 21:45:35.0654 6716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:45:35.0674 6716 WerSvc - ok 21:45:35.0684 6716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:45:35.0703 6716 WfpLwf - ok 21:45:35.0727 6716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:45:35.0733 6716 WIMMount - ok 21:45:35.0737 6716 WinDefend - ok 21:45:35.0740 6716 WinHttpAutoProxySvc - ok 21:45:35.0777 6716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:45:35.0812 6716 Winmgmt - ok 21:45:35.0920 6716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:45:35.0967 6716 WinRM - ok 21:45:36.0017 6716 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:45:36.0033 6716 WinUsb - ok 21:45:36.0077 6716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:45:36.0106 6716 Wlansvc - ok 21:45:36.0234 6716 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE 21:45:36.0268 6716 wlidsvc - ok 21:45:36.0314 6716 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys 21:45:36.0324 6716 WmBEnum - ok 21:45:36.0345 6716 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys 21:45:36.0354 6716 WmFilter - ok 21:45:36.0372 6716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:45:36.0384 6716 WmiAcpi - ok 21:45:36.0413 6716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:45:36.0430 6716 wmiApSrv - ok 21:45:36.0441 6716 WMPNetworkSvc - ok 21:45:36.0445 6716 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys 21:45:36.0450 6716 WmVirHid - ok 21:45:36.0457 6716 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys 21:45:36.0463 6716 WmXlCore - ok 21:45:36.0469 6716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:45:36.0477 6716 WPCSvc - ok 21:45:36.0492 6716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:45:36.0502 6716 WPDBusEnum - ok 21:45:36.0529 6716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:45:36.0554 6716 ws2ifsl - ok 21:45:36.0561 6716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 21:45:36.0571 6716 wscsvc - ok 21:45:36.0573 6716 WSearch - ok 21:45:36.0640 6716 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 21:45:36.0683 6716 wuauserv - ok 21:45:36.0727 6716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:45:36.0751 6716 WudfPf - ok 21:45:36.0773 6716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:45:36.0795 6716 WUDFRd - ok 21:45:36.0802 6716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:45:36.0827 6716 wudfsvc - ok 21:45:36.0842 6716 WwanSvc 
(9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:45:36.0853 6716 WwanSvc - ok 21:45:36.0903 6716 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 21:45:36.0914 6716 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 21:45:36.0929 6716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:45:37.0107 6716 \Device\Harddisk0\DR0 - ok 21:45:37.0110 6716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 21:45:37.0139 6716 \Device\Harddisk1\DR1 - ok 21:45:37.0142 6716 Boot (0x1200) (6112cfafcb084d9fa421e9a45a3432f0) \Device\Harddisk0\DR0\Partition0 21:45:37.0143 6716 \Device\Harddisk0\DR0\Partition0 - ok 21:45:37.0170 6716 Boot (0x1200) (44ae5cabcda59a4331db0737efc80198) \Device\Harddisk0\DR0\Partition1 21:45:37.0172 6716 \Device\Harddisk0\DR0\Partition1 - ok 21:45:37.0175 6716 Boot (0x1200) (e8ab15c8c510644298abc8bd7049d262) \Device\Harddisk1\DR1\Partition0 21:45:37.0177 6716 \Device\Harddisk1\DR1\Partition0 - ok 21:45:37.0177 6716 ============================================================ 21:45:37.0177 6716 Scan finished 21:45:37.0177 6716 ============================================================ 21:45:37.0184 6324 Detected object count: 4 21:45:37.0184 6324 Actual detected object count: 4 21:45:44.0345 6324 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user 21:45:44.0345 6324 NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:45:44.0346 6324 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:45:44.0346 6324 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:45:44.0347 6324 SetupARService ( UnsignedFile.Multi.Generic ) - skipped by user 21:45:44.0347 6324 SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:45:44.0348 6324 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 21:45:44.0349 6324 USBAAPL64 ( 
UnsignedFile.Multi.Generic ) - User select action: Skip |