Microsoft Security Essentials scannt nicht mehr

blawa · 29.04.2013, 22:17

Hallo,

MSE macht mir seit heute Probleme:

Egal welchen Scan ich auswähle, MSE scannt einfach nicht.

Die verstrichene Zeit bleibt bei 0:00 und er zeigt immer die gleiche Datei an die er untersucht: "HKCU@S-1-5-18\CONTROL PANNEL\DESKTOP\\Wallpaper"

Kennt jemand das Problem / die Lösung ?

mfg,
blawa

cosinus · 01.05.2013, 22:15

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

blawa · 02.05.2013, 10:03

Ich habe sowohl mit Avast als auch mit Malwarebytes gescannt und nichts gefunden - sry atte vergessen das zu erwähnen

cosinus · 02.05.2013, 13:06

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

blawa · 02.05.2013, 17:07

Hallo,

hier die Logs:

OTL.txt

Code:

ATTFilter

OTL logfile created on: 02.05.2013 17:21:21 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\blawa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 32,12% Memory free
11,98 Gb Paging File | 7,21 Gb Available in Paging File | 60,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,39 Gb Total Space | 725,20 Gb Free Space | 52,27% Space Free | Partition Type: NTFS
Drive F: | 621,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 299,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BLAWA-PC | User Name: blawa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\blawa\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\DATA.exe (NAMCO BANDAI Games Inc.)
PRC - C:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\DARKSOULS.exe (NAMCO BANDAI Games Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS)
PRC - c:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe (Microsoft® Corporation)
PRC - C:\Programme\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Programme\Alienware\Command Center\AlienFusionController.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\3b1d7952215bc34df472d77057fb9a95\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\83596232d0f20049567d6cc181b83fcf\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\28ec5c157703b1816451954d6c52d5a4\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cc4f8731475c522e454265d5b1da958d\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e8488b8ed53ddd598c6d7d799ca54f28\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\dd086a3d9a4dc355816ce6da8c6517d0\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8e092d89921648308ac103bb08bfd370\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\edf6ed0d469ab0053a56ec64be932f7d\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\254b179f13a4bbae7e5aa2f9a9231604\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9fe8c27f7d33440089db00fa170f95f9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e99728014e52a3a04bf7933c64be8d6a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\2953bd325cbadeb5da550379e3185950\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c41a7a0a68540e43d10389646e84e3d1\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll ()
MOD - C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll ()
MOD - C:\Programme\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Programme\Alienware\Command Center\AlienFusionController.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS)
SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (BPowMon) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (wlidsvc) -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AWOPFilterDriver) -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mio) -- C:\Windows\SysNative\drivers\mio.sys (Dell/Alienware)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\..\SearchScopes\{D9D5C728-36EA-40FF-BD8A-DB0A2767DDED}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=2E431424-39A8-4A15-95AD-3FB96736765A&apn_sauid=87A3A694-2004-4631-81E4-D69F70606F8A
IE - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 18:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:29:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:30:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 01:29:51 | 000,000,000 | ---D | M]
 
[2011.07.07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blawa\AppData\Roaming\mozilla\Extensions
[2013.04.01 02:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\blawa\AppData\Roaming\mozilla\Firefox\Profiles\n18ln615.default\extensions
[2013.04.01 02:33:45 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\blawa\AppData\Roaming\mozilla\Firefox\Profiles\n18ln615.default\extensions\toolbar@ask.com
[2013.03.17 22:05:45 | 000,021,579 | ---- | M] () (No name found) -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\extensions\leethax@leethax.net.xpi
[2013.02.17 16:36:19 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.07 15:05:20 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.04.01 02:33:45 | 000,002,308 | ---- | M] () -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\searchplugins\askcom.xml
[2011.07.08 14:30:56 | 000,002,059 | ---- | M] () -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\searchplugins\daemon-search.xml
[2012.06.14 17:36:56 | 000,003,915 | ---- | M] () -- C:\Users\blawa\AppData\Roaming\mozilla\firefox\profiles\n18ln615.default\searchplugins\sweetim.xml
[2013.04.12 01:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 01:29:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.25 18:40:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.12 01:30:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.13 15:06:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 15:06:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.13 15:06:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.13 15:06:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 18:35:33 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.09.13 15:06:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.13 15:06:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.05.13 21:45:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2209728477-714789964-3075794624-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2209728477-714789964-3075794624-1000..\Run: [EAUpdater] C:\Users\blawa\AppData\Roaming\EA\ea_updater.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2209728477-714789964-3075794624-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\blawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2209728477-714789964-3075794624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90456561-14A2-458A-9C08-2EE9CD27CE06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC455F9-F27A-46AA-9B8E-26D4D7BEACF8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.06 13:14:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2001.09.27 05:31:38 | 000,045,056 | R--- | M] () - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2001.09.27 05:31:38 | 000,007,358 | R--- | M] () - F:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [2001.09.27 06:07:36 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.06.04 02:57:28 | 000,000,057 | R--- | M] () - G:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.01 03:55:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.01 03:55:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 03:55:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 03:55:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.01 03:55:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 03:55:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 03:55:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 03:55:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 03:55:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.01 03:55:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 03:55:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 03:55:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.01 03:55:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.01 03:55:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.01 03:55:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.01 03:54:03 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.05.01 03:54:02 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.05.01 03:54:02 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.05.01 03:54:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.05.01 03:54:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.05.01 03:54:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.29 22:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.29 22:51:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.29 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.29 02:48:33 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Local\SplitMediaLabs
[2013.04.29 02:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2013.04.29 02:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2013.04.29 02:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2013.04.29 02:47:32 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Roaming\SplitMediaLabs
[2013.04.26 10:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.21 15:10:15 | 000,000,000 | ---D | C] -- C:\Users\blawa\Desktop\Dino
[2013.04.18 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\blawa\Documents\My Kindle Content
[2013.04.18 16:17:12 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.18 16:17:06 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Local\Amazon
[2013.04.16 12:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.04.16 12:58:52 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Local\Programs
[2013.04.15 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\blawa\Desktop\FTB
[2013.04.15 21:27:39 | 000,000,000 | ---D | C] -- C:\Users\blawa\AppData\Roaming\ftblauncher
[2013.04.15 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\blawa\Desktop\Neuer Ordner
[2013.04.15 20:56:29 | 000,000,000 | ---D | C] -- C:\Users\blawa\Desktop\backup
[2013.04.12 01:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.07 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\blawa\Desktop\Archive
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 17:05:34 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.05.02 16:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 06:13:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 06:13:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.01 11:09:47 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.01 11:09:47 | 000,764,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.01 11:09:47 | 000,719,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.01 11:09:47 | 000,174,132 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.01 11:09:47 | 000,147,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.01 11:04:11 | 000,370,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.01 11:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.01 11:03:29 | 529,711,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.29 22:51:59 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.26 10:52:52 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.18 17:20:33 | 000,028,462 | ---- | M] () -- C:\Users\blawa\D3.jpg
[2013.04.18 16:17:12 | 000,002,231 | ---- | M] () -- C:\Users\blawa\Desktop\Kindle.lnk
[2013.04.14 03:42:42 | 000,009,729 | ---- | M] () -- C:\Users\blawa\Desktop\Mats.ods
[2013.04.07 18:35:56 | 002,110,466 | ---- | M] () -- C:\Users\blawa\Desktop\Archive.zip
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.29 22:51:59 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 17:20:33 | 000,028,462 | ---- | C] () -- C:\Users\blawa\D3.jpg
[2013.04.18 16:17:12 | 000,002,231 | ---- | C] () -- C:\Users\blawa\Desktop\Kindle.lnk
[2013.04.16 12:59:36 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.04.12 15:25:00 | 000,009,729 | ---- | C] () -- C:\Users\blawa\Desktop\Mats.ods
[2013.04.01 01:48:23 | 000,002,343 | ---- | C] () -- C:\Users\blawa\test.jpeg
[2013.04.01 01:46:56 | 000,248,543 | ---- | C] () -- C:\Users\blawa\strange.jpg
[2013.02.08 22:47:33 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll
[2013.02.08 22:47:33 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll
[2013.02.08 22:46:37 | 000,000,080 | ---- | C] () -- C:\Windows\sierra.ini
[2012.06.24 17:36:51 | 000,016,559 | ---- | C] () -- C:\Users\blawa\Sims_Abgabe.rar
[2012.06.24 01:12:19 | 000,000,769 | ---- | C] () -- C:\Users\blawa\SciTE.session
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.13 21:38:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.13 21:38:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.13 21:38:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.13 21:38:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.13 21:38:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.13 13:28:14 | 000,002,161 | ---- | C] () -- C:\Users\blawa\Vector3.java
[2012.02.21 13:10:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.02.21 13:10:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.02.21 13:10:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.02.21 13:01:02 | 000,039,237 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.18 19:10:19 | 000,000,889 | ---- | C] () -- C:\Windows\eReg.dat
[2011.11.30 17:32:36 | 000,002,180 | ---- | C] () -- C:\Users\blawa\UE2_2.m
[2011.11.30 17:19:08 | 000,000,394 | ---- | C] () -- C:\Users\blawa\euler_rot.m
[2011.11.29 17:46:00 | 000,000,181 | ---- | C] () -- C:\Users\blawa\kreis_z.m
[2011.11.29 17:45:33 | 000,000,183 | ---- | C] () -- C:\Users\blawa\kreis_y.m
[2011.11.29 17:43:45 | 000,000,338 | ---- | C] () -- C:\Users\blawa\UE2_5.m
[2011.11.29 17:39:32 | 000,000,185 | ---- | C] () -- C:\Users\blawa\kreis_x.m
[2011.11.20 18:13:11 | 000,000,218 | ---- | C] () -- C:\Users\blawa\.recently-used.xbel
[2011.11.17 14:10:13 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.17 14:10:12 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.11 18:48:24 | 000,000,000 | ---- | C] () -- C:\Users\blawa\jagex_runescape_preferences.dat
[2011.08.06 02:12:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.07.08 15:40:44 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.07.08 14:34:05 | 000,032,829 | ---- | C] () -- C:\Windows\scunin.dat
[2011.07.02 13:33:53 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.07.02 13:33:53 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.07.02 13:33:53 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.07.02 13:33:52 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.02 13:33:52 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

blawa · 02.05.2013, 17:12

Und hier die Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 02.05.2013 17:26:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\blawa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 32,12% Memory free
11,98 Gb Paging File | 7,21 Gb Available in Paging File | 60,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1387,39 Gb Total Space | 725,20 Gb Free Space | 52,27% Space Free | Partition Type: NTFS
Drive F: | 621,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 299,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BLAWA-PC | User Name: blawa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2209728477-714789964-3075794624-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E700065-E47D-471D-B3B7-040820468A3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6315B8ED-896C-4093-8570-D4E5A6F48141}" = rport=138 | protocol=17 | dir=out | app=system | 
"{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{76A764B1-8E3A-48C3-9D7B-B0B148D2D782}" = rport=80 | protocol=6 | dir=out | name=port 80 | 
"{84D6F7A1-B487-4FDB-A59A-D38784835104}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{948AF787-3E96-4396-85E9-8E34CEBA5CC8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{978FC2B8-D1AA-42F6-A619-408782F1AF50}" = lport=137 | protocol=17 | dir=in | app=system | 
"{986AE7A9-2E04-40F3-A29F-3736297A4A8A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A22E7309-93E8-4294-A076-2568DDFE10D7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AA2DEDFB-B842-4313-AD61-73030AFEB165}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C11CE1DD-FC4E-47A6-8685-239A96B5DE86}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CC41A8D6-CDAE-4E48-99FA-6AEAD3C4819F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EAB77F5F-8443-40A9-BEAE-CE314AC2705E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F0F295FB-5FBD-42A8-9B55-4FC8DCBDF7F7}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01630518-4CC9-44AC-A83B-7967812D6CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{017E3476-A78E-4CE5-9D2D-DC13FBFC5631}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{023A1113-B55B-49CB-93D0-6700FD2229BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{028258EE-C2D4-40A7-9E2B-8237E9EC1775}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{052132F1-9F9B-4B32-AEE4-02512C1459F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{057E96B6-918A-4A69-B589-7A474C7F51BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{063DDF80-C7D5-4506-8871-E1E549346A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe | 
"{0A0D5CD8-525C-41F1-815C-A429C1782DCF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{0CE8C6BA-1980-46B4-B5FD-043245F5A087}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{0DC06DF6-C227-4BC6-92E9-1621BC9FB80D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{0DEDD9B7-37FC-409F-8479-CF8A45D054B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe | 
"{0E008291-43FF-410F-B304-0E527576AE50}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 
"{0E2A29BE-F9C2-4DB1-90CD-7867959B4168}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\awesomiumprocess.exe | 
"{0FD919A5-7149-4A3E-A9F4-936B5B8548C1}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 ftp\a1ftp.exe | 
"{1386D1A7-3AC9-4A74-880A-3889F337A34A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{13C43411-F59A-41D2-BBF2-2406A55A8127}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{144A2687-EE76-448C-88A5-CBB5ECBC82A4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | 
"{180D9AAC-E495-4AC9-B4B2-18F256C528D5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{192293A3-82E4-4B24-AAF9-2A0915FB08AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{1933EBFA-8163-4417-8B82-C3E1592F0B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{1B0D3E49-CF0C-48A5-9325-5D345612F191}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | 
"{1B7EA239-CCC0-488C-9086-DBEC5BB0C3C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe | 
"{1CFA5F43-AF20-4276-BAB3-03F7F5C719CD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{1D83057A-4516-4FE2-A2CE-DF3115382BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{1EBBC2A2-67D8-4E08-A00A-63153C70895F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1F14F26E-BBEF-40F0-95E1-9E9BA241011E}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{2159C777-6CA3-42AA-946C-31F0AB6BA9DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{2230C62C-963C-4E14-A2D9-B1AB6654E346}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 ftp\a1ftp.exe | 
"{2276D3FD-0ABE-4E47-B85D-B76993FA7F2C}" = dir=in | app=c:\program files (x86)\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe | 
"{22E369F5-0240-49D7-9B44-FE85808A9F56}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{241DBAA0-4325-40D2-A32D-E640613A585A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{2571E9A5-B6B7-44C1-A806-4CB824296FCA}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{298C444A-692A-4727-AA36-1027DFCF4DB0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{2A21DB58-441B-483A-939E-5B419E60601C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe | 
"{2AD0A8B9-9C20-4441-A080-71EDA74BE216}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{2F639656-0C0C-4949-BD99-963ABB562FDA}" = dir=in | app=%userprofile%\desktop\techniclauncher.exe | 
"{344242A2-6EAF-4B16-B729-1DC9C443419F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{3596D3D7-8395-46B3-AD6E-1F3D9C0BE92A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{35D104F2-6C31-4E02-AAD7-14DA209B7B47}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{3DADB44B-E838-477A-AE5E-F158CD5553D8}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{3DB1EE18-A656-4A3A-B0B5-7E629B7B9F73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{3E8CDF66-C63D-4301-A552-DB4B70CCDACD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3F87F580-B666-4257-9B54-0CA9F029A8FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | 
"{4152F89C-1838-40E3-A3E9-B1BAA40AB02C}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{428163BC-34C2-42C8-BD6F-1F47637F303E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{42E9866B-F039-474A-A73D-6576CB9DB2AB}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{442D5C99-33F8-4115-BEED-D0C2ED26C588}" = dir=out | app=%programfiles% (x86)\fox\aliens versus predator 2 - primal hunt\primalhunt.exe | 
"{44414B58-5A62-4ED5-A816-4265D868A964}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{4974BE52-DF92-4BA1-987D-3956D79A9B65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{49DB99B8-AD66-4EA4-8C2B-C160A2572630}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | 
"{50654975-0128-4007-99D4-0E8301A8B662}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{50D45C0A-1C8D-443F-81CF-6F3B502CFA31}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{50E16F8F-F3FD-44D5-9906-78F4F1D4B772}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{51051FD7-733B-4DBC-8A13-4B3DC084C7B9}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{511ACF47-744E-4BD8-BBB6-400AF1CBDD92}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{51FCC137-FAB3-447D-ADAE-7DAEB4D41107}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{5281A2DF-4D42-47E3-9963-6F390AAF2892}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{57C56966-DCAF-406A-8B2F-AEE77997C813}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{59561606-3DE0-44DC-B097-85AF44DC7378}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{5BB88785-B95A-42E0-9B0E-A9FA54E2978F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{5D88EA32-AF0A-4748-BC60-258B6EBDEF88}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{608A2F2B-69FB-4A26-9DE2-1548AC8892AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{65BAF7E9-14D7-4981-B950-05CE4ED8F65B}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe | 
"{69C34B8B-68A6-48A1-9286-7136E4EE03BF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{6A36D59D-00AD-4189-9BF6-E69DD2756393}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{6A62B805-D77B-4A29-8568-73712627A7BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6E323A8C-B597-4783-B0B8-EBF3A9105679}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 
"{6F0CABFF-6B6F-455E-836B-1B97AA9704F7}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe | 
"{6F79A243-0548-4FC7-ACE9-3F8C4828D1AE}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{7001B34E-EE37-443E-8EF3-5D9238FEFBE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{71C3E774-E95D-4D6C-B2B0-5581DF02C686}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{72085606-5AC4-40F8-886B-E0CBA7E600CF}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{737BC501-836D-4E00-B7CC-98777C439E8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{7489BCE7-DE69-4C97-927B-04E512E667E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{758D6307-E7EA-4091-A2CA-325F383201BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7690004E-82EE-429C-A094-32832080A007}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7A2DAF77-677D-44E5-838D-F178CD0E28A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{7A87F324-E2D1-4D18-8BC2-0BF9B187577B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{7B527D1B-5249-4372-8720-453826070E3C}" = dir=out | app=%userprofile%\downloads\minecraft.exe | 
"{7B6A9052-D995-4831-853E-EDC7200D5EF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 
"{7C18C8A3-D650-4778-82F5-BEDEB03BA301}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{7D95DD49-0844-421D-BF67-62226CFB3938}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\dragonage2launcher.exe | 
"{808E6C1F-3440-4E35-989E-46943717070A}" = protocol=17 | dir=in | app=c:\program files (x86)\a1\a1 ftp\a1ftp.exe | 
"{80A765F4-E958-4266-8CA1-42787736FBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{83EF9FBB-18E9-4032-95D5-42D18AA99723}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{8547D95D-2BE3-4E96-9C13-732F600CDE34}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{895938D8-EE8B-48DD-8781-70E1766F2EFC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{89EF8479-1F28-47CB-97B7-AE3F91E4171C}" = dir=out | app=%programfiles% (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{8A72A703-20AA-499E-B1D5-D0C885547151}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{8A749661-3BD6-46AF-8F47-BA5C9A9479B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{8CEB0AE4-A9ED-4E27-8B17-C501335BB2AC}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8D452A99-E738-4973-80D2-C45096F7CA79}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{8FA6B544-C20F-4D51-9F21-4953EDEC1F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\a1\a1 ftp\a1ftp.exe | 
"{907079C5-98E4-44F5-9066-82EB6E794C3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{9258AC1D-8B7B-47C0-9677-D24E5EE08BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{9321033F-651B-4903-8616-A6BAE972F46A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{939A95A8-1AA6-40AF-9A5E-8B26CED40506}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{9435D12B-9E0E-46B6-8112-B3E251E0CE08}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{9788B4FC-1F30-4735-B2F7-1FE5527EFFF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9849BEB6-3356-42C4-9245-723A83E8CB74}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 
"{996AA2AF-A154-44F8-B2B8-0B55191D02C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{9D049B3B-AD76-4946-8291-7EE798D74209}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{9D18FF9E-FFD6-47BB-8849-026ABDF23752}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\warcraft iii.exe | 
"{9F266FCE-FE11-488B-9933-8540AB748D29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{A2B32DCB-8B28-4BE1-9ABD-38769069EFFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A2C37B80-E6C8-4342-94EA-8958746D897B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | 
"{A2CBDB2C-08AE-4244-ABCD-D82ADFC31029}" = dir=out | app=%programfiles% (x86)\cockatrice\cockatrice.exe | 
"{A2F42E64-5129-4A89-B4DB-B02A70463DB7}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | 
"{A4C4995A-03BA-4DD3-A9E1-7D5694E7E02C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{A55ABEA7-8EC6-4A97-9651-2C10E61F6BF6}" = protocol=1 | dir=in | name=hlsw icmp | 
"{A5748B11-419C-4439-834B-ADDEEBDB2C74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{A765AEFA-8D3B-4F69-9983-98C0E5D6AB01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AC94FB57-FF81-48C7-A045-7BF70F28EC96}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AD6F2669-FF04-49EF-A730-F87B3BA2054F}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.8\cnc3game.dat | 
"{AE91B846-06A9-4413-958A-03FFA3C7813C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{AFA986D3-3159-411C-AAF8-8F3D40488263}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{B75F0905-B371-4D71-AB57-426B7C2B9344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B7BB2140-0BBF-4444-A795-9F9BF199B13C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{B7CDA1F6-DBB4-4655-9E15-EED9E6B39C0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{B80F3C07-DD0B-413D-89ED-27772196BC02}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BB4D5B47-E9E6-4C27-94E4-9D3B6D55EC1F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{BBBC6906-3809-4387-BD9F-F4658C1C5080}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{BD0D13BC-275D-4186-8363-417A779A7529}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{BFA893A0-F90F-4E8B-9773-EA8FAC59A19E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{C0F90E8B-32C2-44FE-8444-F9C952320547}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{C2C16D4A-6518-4FB4-8250-1B2162B12AB6}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe | 
"{C31EFB2D-A0F8-4DAD-8BF9-36CE19BD6A65}" = dir=in | app=c:\program files (x86)\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe | 
"{C4807F74-DB45-41E5-879F-C14BF32EBE42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_gold\thief.exe | 
"{C89771A5-0FDA-491D-A4DC-7D9D8EA91C47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{CAFA2377-36C2-4F9B-B705-5FCE8FBC639E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{CCBD70B7-C60C-44A2-8032-372C1E0570BD}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe | 
"{CECF9F3A-8055-471C-A5E4-8B8AD11DF89C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{D086DC76-C56C-4860-B2B4-52F597579157}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{D19C78EE-41A9-4BCA-87C5-BAC70C4B87D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{D1A9A835-C9C4-4410-88C5-8D67BF522EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{D2A7E216-86A2-4E96-8D19-C05FDFA1DB3D}" = dir=out | app=%userprofile%\desktop\techniclauncher.exe | 
"{D493D18D-41CD-4768-ADE8-368FE8A39B5A}" = dir=in | app=%programfiles% (x86)\cockatrice\cockatrice.exe | 
"{D7B22726-C65A-4E51-9660-237163B59AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{D7ECF31C-1BE5-42CE-A6D4-828435B57AC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D9DDC4DB-DBD5-4A14-8D73-9AE65D1B85A6}" = protocol=1 | dir=in | name=hlsw icmp | 
"{DE27461A-C01E-4A78-AFBE-CF14FBCE6E2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{DEBF5419-F3FA-4812-A865-C788E8437806}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{DF424F7F-F9AC-48BF-B87C-B4774EC1CD55}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{E037A23B-4483-4775-94E6-8BAA4958053C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E0D9F09D-EC2D-41B0-99E9-96C65F13056B}" = dir=in | app=%programfiles% (x86)\fox\aliens versus predator 2 - primal hunt\primalhunt.exe | 
"{E13579A6-B2F9-406D-B779-A48CFEC22EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{E3129497-0A72-4A88-A9F2-CECD4B7D9D35}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | 
"{E314487C-C2B9-483C-8284-C297F1A04437}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{E569F785-7F8E-4513-A4B8-5221835B186C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E6425E2A-D2E0-4578-8263-D9D3BC5B35B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E7597212-D847-4354-A0F0-D48396CBBC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{EC84C690-13B2-4199-AB10-7CF17D339D42}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{EDD0C9CF-CE79-4F83-8804-FA9564F0513A}" = dir=out | app=%programfiles% (x86)\fox\aliens versus predator 2 - primal hunt\avp2xserv.exe | 
"{EE85E2AE-4DF8-4170-8BCB-BF048FEC6333}" = dir=in | name=gatherer | 
"{F015BEF8-0032-45F1-865B-205C01A7F76A}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F0D7ED3E-1962-4E5E-B94B-9B8558AA7A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war of the roses\run_game.exe | 
"{F277DF52-3CBF-43C5-8091-AB9C550BC328}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\frozen throne.exe | 
"{F35303CA-17F6-4081-8B45-77384C46F3DD}" = dir=in | app=%programfiles% (x86)\fox\aliens versus predator 2 - primal hunt\avp2xserv.exe | 
"{F692B829-17B5-49FD-A917-3E38A8FB58A7}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{F70BA3C7-FFEF-4B40-8462-41FD6183AD61}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{F85F0872-EC4D-4E2D-A718-601C372D0E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{F86AD522-C3E0-47A3-9B11-6942EED29AB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F9A8CFD0-010D-4C29-A61A-1A0D32AD5B4C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 
"{FB0300D7-9AD2-4E5E-B95A-AD1F2F071A02}" = dir=in | app=%userprofile%\downloads\minecraft.exe | 
"{FFA2F17A-FF02-408D-AACC-52C76D2656EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{188EE7CA-9C27-4B0C-890C-70B61CF714D4}C:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader.exe | 
"TCP Query User{18B18ABA-0363-4384-8DC3-4A7DB2C5295D}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin64\launcher.exe" = protocol=6 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin64\launcher.exe | 
"TCP Query User{19EBC4CE-770D-43B1-BA34-B45FF20691D4}C:\users\blawa\appdata\local\temp\dsoclient\app.n3app" = protocol=6 | dir=in | app=c:\users\blawa\appdata\local\temp\dsoclient\app.n3app | 
"TCP Query User{1EC85CCF-5E02-4BD0-AAD8-E0ECF4FE7EA7}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"TCP Query User{27B29E8E-0D5B-40D6-80D3-5FCF7F0668B7}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{291A3186-8BDB-4E5D-943E-3FE87FA5590D}C:\users\blawa\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"TCP Query User{2CC04FE1-AA74-4E41-90D9-F668AA9DE56F}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk - kopie\bin32\launcher.exe" = protocol=6 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk - kopie\bin32\launcher.exe | 
"TCP Query User{335A445B-54FC-46C5-A42F-325F482095C1}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\launcher.exe" = protocol=6 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\launcher.exe | 
"TCP Query User{3C4CFEA6-A269-4A94-A34F-78F7FBA77F27}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\baldur's gate enhanced edition\bgee.exe | 
"TCP Query User{4AEB582F-4E0D-46DF-8CB1-665DD3A1B3A5}C:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe | 
"TCP Query User{532A992A-42BF-45BE-B672-74B8C56D44E2}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{57163DBE-3626-495D-9364-19C13E44BCDC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{5B33AB27-5940-4C24-80B0-5E5E0B6C3D81}C:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3.exe | 
"TCP Query User{6033224A-9285-478C-B69B-9FAB2CF15804}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{64717BFC-A99F-4C31-9E9E-62665E8C1BB9}C:\users\blawa\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"TCP Query User{7D84BA23-B79A-4E53-AF98-50FC6CA7BE1B}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{80500AA1-4B00-4C8E-BF99-C0C2F15FC90D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{8B6920E7-AEAC-45F1-9E1D-7A3FF1E6AB0B}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{8E78605A-AD5E-4216-B39A-19DAE1FC3B17}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe | 
"TCP Query User{9390951A-91A2-4501-9E14-B3396090A08F}C:\program files (x86)\empire earth\emp.earth\ee\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire earth\emp.earth\ee\empire earth.exe | 
"TCP Query User{95FC3BD7-B19E-4B1E-94D1-A36C09DFBBB8}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{98C7D3E4-8556-4821-AD85-9253F8543508}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"TCP Query User{995B16DD-391C-4B52-8ABE-BB6B36E8CF2C}C:\users\blawa\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\blawa\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{A3F8731E-EFAB-4649-AE3D-B22896CBB0E8}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"TCP Query User{B2B87C29-7D30-45DB-BFD7-7240F58A7535}C:\program files (x86)\namco bandai games\darksouls\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namco bandai games\darksouls\data.exe | 
"TCP Query User{B300BD07-B6DA-45EE-A5F9-FE0D49E2E4D1}C:\quake iii arena\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | 
"TCP Query User{B30B988A-2B02-4F61-ADFE-0D2A030895FD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{B6D7F725-1E8C-459E-895E-057D4AEC3C0D}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{B754B4F5-78A1-4A7E-8416-900AE923513D}C:\users\blawa\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{BE187CFC-5575-433D-B84B-95234C7F99AE}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{C0CB9731-08F9-4566-8E13-084D03E25826}C:\sierra\counter-strike\cstrike.exe" = protocol=6 | dir=in | app=c:\sierra\counter-strike\cstrike.exe | 
"TCP Query User{C12FFE99-5BD7-4E62-944C-5B9476EBED28}C:\program files (x86)\fox\aliens versus predator 2 - primal hunt\lithtech.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fox\aliens versus predator 2 - primal hunt\lithtech.exe | 
"TCP Query User{C15A4087-F8F6-4B84-B8D9-D0DD427BDD90}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{C67D1A70-FB1E-486E-9F72-4328CD5B1BFC}C:\users\blawa\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\blawa\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{CD68E7E7-221A-471A-99A3-D9CB5FB4D1AE}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game | 
"TCP Query User{D26BE6C1-74BF-49D9-8DCD-37C992DD533E}C:\program files (x86)\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{DB52CD1C-FE86-45B4-B4C7-03C025AEB581}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\editor.exe" = protocol=6 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\editor.exe | 
"TCP Query User{DD812950-1241-4908-99C6-D83C914F5C65}C:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader(1).exe | 
"TCP Query User{DF646F08-6958-4AA3-8C1B-2850628FEE0F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{E23CF9B4-DAA8-4331-8D92-88FE48C2DBD1}C:\users\blawa\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"TCP Query User{E55660BF-A107-4053-98A6-61380923F926}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{E63E98A2-2972-43F6-826E-11EE517DE436}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"TCP Query User{E88CE1F3-4FED-4703-8CBD-5B371B309DE8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{EAC77211-7D79-48CD-9251-9C6288B73F94}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EE0C6C6E-D48A-4E97-B611-D850A95498E2}C:\users\blawa\downloads\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=c:\users\blawa\downloads\downloader_diablo2_engb.exe | 
"TCP Query User{F0D35877-DC82-4D8C-B8CA-96A7E048FDDA}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{FF7539BF-50CC-424A-AC53-3ADEA214936B}C:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{02BB3024-749E-4AA4-822F-8D4D72138826}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\editor.exe" = protocol=17 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\editor.exe | 
"UDP Query User{195BA500-B3C7-4A03-A491-AE54136DF44A}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{20B2DB8A-1F49-48A6-B39F-AF0F7DBDBC56}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk - kopie\bin32\launcher.exe" = protocol=17 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk - kopie\bin32\launcher.exe | 
"UDP Query User{25235967-0727-4E85-A22C-A9BA8CD43A12}C:\program files (x86)\empire earth\emp.earth\ee\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire earth\emp.earth\ee\empire earth.exe | 
"UDP Query User{2CD44A95-E39F-4963-B1F0-16FE06C3443F}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | 
"UDP Query User{2FD59DBA-869C-402C-A8A5-0F7449CD0949}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{31975703-2610-43D0-BEC7-AE818E1BBA2C}C:\program files (x86)\activision\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4mp.exe | 
"UDP Query User{4CD8CCBF-C2BC-402C-BAEB-42CB0FD1676B}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{4F108524-A1A4-4AF5-9CC6-0D77CEA0781E}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{52EC0A14-F38E-4134-B3A4-0937F0A4A25F}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{533F22E5-05DA-4522-9231-949C4C097EB2}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{58966F46-5F4D-4F68-9262-AE48C0AE374C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{5B28F7B0-0C23-417D-9F0E-74D2AEEA21BE}C:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3.exe | 
"UDP Query User{5C6E858F-92AE-4485-934D-2FF2F967A57C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{62B5F559-3358-404E-9001-6F7B1DFA3A39}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe | 
"UDP Query User{631D7B99-4999-452C-A319-AF3D930A55FD}C:\program files (x86)\namco bandai games\darksouls\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namco bandai games\darksouls\data.exe | 
"UDP Query User{67D5458E-5C4A-4EFE-AD55-B7B8DC37C918}C:\sierra\counter-strike\cstrike.exe" = protocol=17 | dir=in | app=c:\sierra\counter-strike\cstrike.exe | 
"UDP Query User{694D58D5-5A3A-4F83-AF5C-B0E423F19698}C:\users\blawa\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\starcraft_2_eu_de-de.exe | 
"UDP Query User{6E4243DA-D27E-4567-9702-DE815CD8BFD4}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{763DAACA-BB52-4176-A2AF-82E03AF20103}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"UDP Query User{76FAC1A7-3D64-446E-8B35-D3A0740C03AD}C:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{7795041B-7F12-4C7C-9425-820E8CEABEFF}C:\users\blawa\downloads\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\downloader_diablo2_engb.exe | 
"UDP Query User{89365058-3C77-4728-96FD-076D91534899}C:\program files (x86)\fox\aliens versus predator 2 - primal hunt\lithtech.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fox\aliens versus predator 2 - primal hunt\lithtech.exe | 
"UDP Query User{8E2F6CF9-BC27-45B3-8398-7F73B8B47630}C:\users\blawa\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\runes_of_magic_4_0_1_2430_eu_slim.exe | 
"UDP Query User{914DB0CF-575C-415E-90C0-6DECDCC0DD4A}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe | 
"UDP Query User{92512B88-A27B-490D-9E19-84739B4DE701}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{9706244D-902D-4212-811D-ECB29887F3E1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{989A42DF-1667-44C6-895E-19A9C6DFAEA3}C:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{9BA4EB33-744F-42F2-AECB-B2854F608622}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{9C06720A-774A-48D5-B2BE-EF6B10EB0908}C:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader.exe | 
"UDP Query User{A15E3248-D135-4BD1-9FC4-15FF0799328B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{A2E9786A-F527-439E-901A-30ECF25F54B3}C:\users\blawa\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{A678EC7A-F40D-48BE-A31E-045CEAEF004D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{B01ECDE3-E081-4884-A141-2A68BBB11247}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin64\launcher.exe" = protocol=17 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin64\launcher.exe | 
"UDP Query User{B350B0BB-E447-4BC8-92FB-04B56836F7AA}C:\users\blawa\downloads\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\downloader_warcraft3_reign_of_chaos_dede.exe | 
"UDP Query User{B863E915-691D-490F-8BAA-6F060113EC67}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.12.game | 
"UDP Query User{B9304D34-1996-44BF-B745-C3324BFFEB4C}C:\users\blawa\appdata\local\temp\dsoclient\app.n3app" = protocol=17 | dir=in | app=c:\users\blawa\appdata\local\temp\dsoclient\app.n3app | 
"UDP Query User{B95B3410-3639-43FB-842C-EFC0D8C5E07E}C:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\blawa\downloads\diablo-iii-8370-engb-installer-downloader(1).exe | 
"UDP Query User{C0571423-C1FE-42CD-B855-93C9584D0849}C:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\croteam\serious sam - the second encounter\bin\serioussam.exe | 
"UDP Query User{D59CE951-F36A-451E-923C-A68D87BD1B97}C:\program files (x86)\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{DBCCB032-CE1A-441E-A527-8E242E4963C6}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\baldur's gate enhanced edition\bgee.exe | 
"UDP Query User{E3CF4CAA-77E3-4CC7-AE0C-6836ABAFF9D1}C:\users\blawa\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\blawa\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{EB5E8B36-4427-4D25-83B9-4FD8049A5C12}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{F2808655-FBF7-4081-8060-C65836001960}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{F54A2888-8EA4-4C55-9508-7FF9886C814C}C:\users\blawa\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\blawa\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{FB057F53-47A2-4A14-8CFE-F3A1E24F28A2}C:\quake iii arena\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\quake iii arena\quake3\quake3.exe | 
"UDP Query User{FED6EC8A-F265-4608-9C29-30F2D224BA1F}C:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\launcher.exe" = protocol=17 | dir=in | app=c:\users\blawa\desktop\cryengine_pc_v3_4_0_3696_freesdk\bin32\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = AlienAutopsy
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)
"{47374ACF-9023-40e7-9830-ECED0DCBC3DC}" = Autodesk Maya 2011 English Documentation 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}" = Autodesk Maya 2011 64-bit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DB87B1A6-8A3B-4F3D-9E83-CE0FD88DCDA9}" = Command Center
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"AlienAutopsy" = AlienAutopsy
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2011.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-6B85-4824-88FC-051000018201}" = Dark Souls Prepare to Die Edition
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{628C3D50-F524-4C49-A958-672CE7953756}" = The Lord of the Rings - Conquest™
"{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}" = Die Siedler 7
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = A1 FTP
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1" = SlimPDF Reader 1.0
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C27FE0CD-51B3-4D2B-A0BD-EF87561429CB}" = Kodu Game Lab
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit
"{DDEC4DE4-F0E5-410F-AD49-3D34EF97629B}" = Path of Exile
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"A1 FTP" = A1 FTP
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"ATMA V" = ATMA V 5.05
"Audacity_is1" = Audacity 2.0
"AutoItv3" = AutoIt v3.3.8.1
"Baldur's Gate Enhanced Edition" = Baldur's Gate Enhanced Edition
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Cockatrice" = Cockatrice
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dia" = Dia (nur entfernen)
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Diablo III Public Test" = Diablo III Public Test
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.1
"FMOD Designer" = FMOD Designer
"FMOD Programmers API Windows" = FMOD Programmers API Windows
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"Git_is1" = Git version 1.7.11-preview20120710
"Guard.Mail.ru" = Guard.ICQ
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HandBrake" = HandBrake 0.9.8
"HLSW_is1" = HLSW v1.4.0.2
"hon" = Heroes of Newerth
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{DB87B1A6-8A3B-4F3D-9E83-CE0FD88DCDA9}" = Command Center
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"S3" = Die Siedler III Gold Edition
"ST6UNST #1" = Hero Editor V1.04
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 200710" = Torchlight II
"Steam App 211600" = Thief Gold
"Steam App 211740" = Thief 2
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 228800" = Arma 3 Alpha Lite
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 400" = Portal
"Steam App 42160" = War of the Roses
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 6980" = Thief: Deadly Shadows
"toolplugin" = toolplugin
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 2.0.5
"Warcraft III" = Warcraft III
"Worms Reloaded_is1" = Worms Reloaded
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2209728477-714789964-3075794624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Amazon Kindle" = Amazon Kindle
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2013 11:05:31 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (6712) Asapi: (17:05:31:9760)(6712) engine.EngineLink - Error -- 81
 Invalid connection to client 
 
Error - 01.05.2013 21:19:29 | Computer Name = blawa-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 01.05.2013 21:21:02 | Computer Name = blawa-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2011\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.05.2013 11:02:11 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:02:11:3550)(10552) libCommon.System.Windows - Error
 -- 629 readFromPipeTimed(3252) timed out after 120000 totalBytes: 0 
 
Error - 02.05.2013 11:02:11 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:02:11:3750)(10552) libCommon.System.Windows - Error
 -- 720 execAndGetPipeData(./pcdrsysinfostorage.p5x) readFromPipeTimed failed, killing:
 2240 
 
Error - 02.05.2013 11:03:10 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:03:10:9450)(10552) ASAPI-Global - Fatal -- 265 
Getting enumeration info TIMED OUT! 
 
Error - 02.05.2013 11:05:31 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:05:31:8050)(10552) Matrix.ModuleImp - Error -- 
52 Unable to get information from module due to failed exec. 
 
Error - 02.05.2013 11:05:31 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:05:31:8050)(10552) enumerator - Error -- 118 pcdrsysinfostorage:
 Module timed out after 320600 milliseconds and was terminated 
 
Error - 02.05.2013 11:05:32 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:05:32:8650)(10552) engine.EngineLink - Error --
 81 Invalid connection to client 
 
Error - 02.05.2013 11:05:32 | Computer Name = blawa-PC | Source = PC-Doctor | ID = 1
Description = (10552) Asapi: (17:05:32:9850)(10552) engine.EngineLink - Error --
 81 Invalid connection to client 
 
[ System Events ]
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 02.05.2013 11:33:36 | Computer Name = blawa-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
 
< End of report >

cosinus · 03.05.2013, 14:35

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

blawa · 03.05.2013, 15:14

Hallo,
hier der MBAR Log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
blawa :: BLAWA-PC [administrator]

03.05.2013 16:13:24
mbar-log-2013-05-03 (16-13-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 33001
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 03.05.2013, 23:08

Was ist mit dem anderen Log?
MBAR hat nichts gefunden?

blawa · 03.05.2013, 23:49

Ups sry,

hier der 2te Log:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-03 15:56:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. 1397,27GB
Running: skclivkx.exe; Driver: C:\Users\blawa\AppData\Local\Temp\ugloqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                     fffff800037a9000 45 bytes [00, 00, 4E, 00, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                     fffff800037a902f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\AlienRespawn\sftservice.EXE[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\AlienRespawn\sftservice.EXE[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[6456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077e41465 2 bytes [E4, 77]
.text     C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[6456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077e414bb 2 bytes [E4, 77]
.text     ...                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\spoolsv.exe [1876:5124]                                                                                            000007feeef910c8
Thread    C:\Windows\System32\spoolsv.exe [1876:5296]                                                                                            000007feeedf6144
Thread    C:\Windows\System32\spoolsv.exe [1876:3376]                                                                                            000007feef435fd0
Thread    C:\Windows\System32\spoolsv.exe [1876:3344]                                                                                            000007feeef53438
Thread    C:\Windows\System32\spoolsv.exe [1876:3380]                                                                                            000007feef4363ec
Thread    C:\Windows\System32\spoolsv.exe [1876:4460]                                                                                            000007feef405e5c
Thread    C:\Windows\System32\spoolsv.exe [1876:2728]                                                                                            000007feef5d5074

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38babad4                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38babad4 (not active ControlSet)                                        

---- EOF - GMER 2.1 ----

cosinus · 03.05.2013, 23:50

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

blawa · 04.05.2013, 01:42

So,

asw ist abgestürtzt, habe es dann mit none verwendet:

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-04 02:36:26
-----------------------------
02:36:26.779    OS Version: Windows x64 6.1.7601 Service Pack 1
02:36:26.779    Number of processors: 8 586 0x1A05
02:36:26.780    ComputerName: BLAWA-PC  UserName: blawa
02:36:28.161    Initialize success
02:36:35.348    AVAST engine defs: 13050301
02:36:43.000    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
02:36:43.001    Disk 0 Vendor: Intel___ 1.0. Size: 1430805MB BusType: 8
02:36:43.153    Disk 0 MBR read successfully
02:36:43.154    Disk 0 MBR scan
02:36:43.195    Disk 0 Windows 7 default MBR code
02:36:43.199    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      149 MB offset 63
02:36:43.202    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9966 MB offset 307200
02:36:43.206    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1420688 MB offset 20717568
02:36:43.233    Disk 0 scanning C:\Windows\system32\drivers
02:36:58.828    Service scanning
02:37:23.451    Modules scanning
02:37:23.456    Disk 0 trace - called modules:
02:37:23.469    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
02:37:23.472    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800722a790]
02:37:23.475    3 CLASSPNP.SYS[fffff8800127343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006f42050]
02:37:23.477    Scan finished successfully
02:38:59.899    Disk 0 MBR has been saved successfully to "C:\Users\blawa\Desktop\MBR.dat"
02:38:59.901    The log file has been saved successfully to "C:\Users\blawa\Desktop\aswMBR.txt"

TDSS:

Code:

ATTFilter

02:39:13.0125 7992  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:39:13.0389 7992  ============================================================
02:39:13.0389 7992  Current date / time: 2013/05/04 02:39:13.0389
02:39:13.0389 7992  SystemInfo:
02:39:13.0389 7992  
02:39:13.0389 7992  OS Version: 6.1.7601 ServicePack: 1.0
02:39:13.0389 7992  Product type: Workstation
02:39:13.0389 7992  ComputerName: BLAWA-PC
02:39:13.0389 7992  UserName: blawa
02:39:13.0389 7992  Windows directory: C:\Windows
02:39:13.0389 7992  System windows directory: C:\Windows
02:39:13.0389 7992  Running under WOW64
02:39:13.0389 7992  Processor architecture: Intel x64
02:39:13.0389 7992  Number of processors: 8
02:39:13.0389 7992  Page size: 0x1000
02:39:13.0389 7992  Boot type: Normal boot
02:39:13.0389 7992  ============================================================
02:39:13.0995 7992  Drive \Device\Harddisk0\DR0 - Size: 0x15D51500000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C882, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:39:14.0000 7992  ============================================================
02:39:14.0000 7992  \Device\Harddisk0\DR0:
02:39:14.0000 7992  MBR partitions:
02:39:14.0000 7992  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4B000, BlocksNum 0x1377000
02:39:14.0000 7992  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13C2000, BlocksNum 0xAD6C8000
02:39:14.0000 7992  ============================================================
02:39:14.0057 7992  C: <-> \Device\Harddisk0\DR0\Partition2
02:39:14.0057 7992  ============================================================
02:39:14.0057 7992  Initialize success
02:39:14.0057 7992  ============================================================
02:39:32.0305 9500  ============================================================
02:39:32.0305 9500  Scan started
02:39:32.0305 9500  Mode: Manual; SigCheck; TDLFS; 
02:39:32.0305 9500  ============================================================
02:39:32.0471 9500  ================ Scan system memory ========================
02:39:32.0471 9500  System memory - ok
02:39:32.0472 9500  ================ Scan services =============================
02:39:32.0564 9500  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
02:39:32.0675 9500  1394ohci - ok
02:39:32.0692 9500  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
02:39:32.0703 9500  ACPI - ok
02:39:32.0718 9500  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
02:39:32.0833 9500  AcpiPmi - ok
02:39:32.0950 9500  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:39:32.0958 9500  AdobeARMservice - ok
02:39:33.0064 9500  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:39:33.0074 9500  AdobeFlashPlayerUpdateSvc - ok
02:39:33.0108 9500  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
02:39:33.0119 9500  adp94xx - ok
02:39:33.0124 9500  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
02:39:33.0134 9500  adpahci - ok
02:39:33.0157 9500  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
02:39:33.0165 9500  adpu320 - ok
02:39:33.0189 9500  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
02:39:33.0343 9500  AeLookupSvc - ok
02:39:33.0399 9500  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
02:39:33.0446 9500  AFD - ok
02:39:33.0469 9500  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
02:39:33.0476 9500  agp440 - ok
02:39:33.0503 9500  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
02:39:33.0552 9500  ALG - ok
02:39:33.0650 9500  [ 4F87355217BE7E04CC698E27677BF3AF ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
02:39:33.0656 9500  AlienFusionService - ok
02:39:33.0665 9500  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
02:39:33.0671 9500  aliide - ok
02:39:33.0679 9500  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
02:39:33.0686 9500  amdide - ok
02:39:33.0711 9500  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
02:39:33.0719 9500  AmdK8 - ok
02:39:33.0733 9500  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
02:39:33.0754 9500  AmdPPM - ok
02:39:33.0791 9500  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
02:39:33.0798 9500  amdsata - ok
02:39:33.0815 9500  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
02:39:33.0824 9500  amdsbs - ok
02:39:33.0844 9500  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
02:39:33.0851 9500  amdxata - ok
02:39:33.0867 9500  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
02:39:33.0991 9500  AppID - ok
02:39:34.0004 9500  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
02:39:34.0038 9500  AppIDSvc - ok
02:39:34.0082 9500  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
02:39:34.0113 9500  Appinfo - ok
02:39:34.0125 9500  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
02:39:34.0133 9500  arc - ok
02:39:34.0135 9500  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
02:39:34.0143 9500  arcsas - ok
02:39:34.0225 9500  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:39:34.0247 9500  aspnet_state - ok
02:39:34.0275 9500  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
02:39:34.0313 9500  AsyncMac - ok
02:39:34.0355 9500  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
02:39:34.0362 9500  atapi - ok
02:39:34.0420 9500  [ 195786ED7A26E1913A4F9799FDBC2C71 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
02:39:34.0476 9500  athr - ok
02:39:34.0504 9500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:39:34.0546 9500  AudioEndpointBuilder - ok
02:39:34.0550 9500  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
02:39:34.0573 9500  AudioSrv - ok
02:39:34.0605 9500  [ 7F95BAB2FB176061B8B7F2DDE003E7D3 ] AWOPFilterDriver C:\Windows\system32\drivers\AWOPFilterDriver.sys
02:39:34.0620 9500  AWOPFilterDriver - ok
02:39:34.0667 9500  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
02:39:34.0752 9500  AxInstSV - ok
02:39:34.0796 9500  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
02:39:34.0850 9500  b06bdrv - ok
02:39:34.0872 9500  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
02:39:34.0889 9500  b57nd60a - ok
02:39:34.0929 9500  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
02:39:34.0965 9500  BDESVC - ok
02:39:34.0967 9500  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
02:39:35.0002 9500  Beep - ok
02:39:35.0071 9500  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
02:39:35.0085 9500  BEService ( UnsignedFile.Multi.Generic ) - warning
02:39:35.0085 9500  BEService - detected UnsignedFile.Multi.Generic (1)
02:39:35.0177 9500  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
02:39:35.0221 9500  BFE - ok
02:39:35.0262 9500  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
02:39:35.0304 9500  BITS - ok
02:39:35.0318 9500  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
02:39:35.0326 9500  blbdrive - ok
02:39:35.0343 9500  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
02:39:35.0379 9500  bowser - ok
02:39:35.0415 9500  [ CD6D4B6583F56F03F9C6971CFF159314 ] BPowMon         C:\Program Files\Broadcom\BPowMon\BPowMon.exe
02:39:35.0422 9500  BPowMon - ok
02:39:35.0439 9500  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
02:39:35.0461 9500  BrFiltLo - ok
02:39:35.0478 9500  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
02:39:35.0506 9500  BrFiltUp - ok
02:39:35.0520 9500  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
02:39:35.0567 9500  BridgeMP - ok
02:39:35.0597 9500  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
02:39:35.0634 9500  Browser - ok
02:39:35.0648 9500  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
02:39:35.0696 9500  Brserid - ok
02:39:35.0702 9500  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
02:39:35.0723 9500  BrSerWdm - ok
02:39:35.0758 9500  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
02:39:35.0788 9500  BrUsbMdm - ok
02:39:35.0809 9500  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
02:39:35.0821 9500  BrUsbSer - ok
02:39:35.0881 9500  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
02:39:35.0931 9500  BthEnum - ok
02:39:35.0946 9500  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
02:39:35.0956 9500  BTHMODEM - ok
02:39:35.0986 9500  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
02:39:36.0012 9500  BthPan - ok
02:39:36.0054 9500  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
02:39:36.0099 9500  BTHPORT - ok
02:39:36.0133 9500  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
02:39:36.0155 9500  bthserv - ok
02:39:36.0183 9500  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
02:39:36.0194 9500  BTHUSB - ok
02:39:36.0206 9500  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
02:39:36.0212 9500  btwaudio - ok
02:39:36.0222 9500  [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
02:39:36.0228 9500  btwavdt - ok
02:39:36.0276 9500  [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
02:39:36.0291 9500  btwdins - ok
02:39:36.0301 9500  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
02:39:36.0305 9500  btwl2cap - ok
02:39:36.0323 9500  [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
02:39:36.0328 9500  btwrchid - ok
02:39:36.0362 9500  catchme - ok
02:39:36.0385 9500  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
02:39:36.0448 9500  cdfs - ok
02:39:36.0483 9500  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
02:39:36.0492 9500  cdrom - ok
02:39:36.0515 9500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
02:39:36.0573 9500  CertPropSvc - ok
02:39:36.0584 9500  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
02:39:36.0604 9500  circlass - ok
02:39:36.0630 9500  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
02:39:36.0640 9500  CLFS - ok
02:39:36.0683 9500  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:39:36.0691 9500  clr_optimization_v2.0.50727_32 - ok
02:39:36.0729 9500  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:39:36.0737 9500  clr_optimization_v2.0.50727_64 - ok
02:39:36.0800 9500  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:39:36.0852 9500  clr_optimization_v4.0.30319_32 - ok
02:39:36.0872 9500  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:39:36.0880 9500  clr_optimization_v4.0.30319_64 - ok
02:39:36.0903 9500  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
02:39:36.0911 9500  CmBatt - ok
02:39:36.0913 9500  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
02:39:36.0920 9500  cmdide - ok
02:39:36.0974 9500  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
02:39:36.0990 9500  CNG - ok
02:39:37.0007 9500  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
02:39:37.0014 9500  Compbatt - ok
02:39:37.0046 9500  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
02:39:37.0075 9500  CompositeBus - ok
02:39:37.0096 9500  COMSysApp - ok
02:39:37.0109 9500  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
02:39:37.0116 9500  crcdisk - ok
02:39:37.0151 9500  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
02:39:37.0203 9500  CryptSvc - ok
02:39:37.0235 9500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
02:39:37.0275 9500  DcomLaunch - ok
02:39:37.0310 9500  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
02:39:37.0333 9500  defragsvc - ok
02:39:37.0339 9500  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
02:39:37.0372 9500  DfsC - ok
02:39:37.0402 9500  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
02:39:37.0461 9500  Dhcp - ok
02:39:37.0477 9500  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
02:39:37.0536 9500  discache - ok
02:39:37.0550 9500  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
02:39:37.0557 9500  Disk - ok
02:39:37.0583 9500  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
02:39:37.0627 9500  Dnscache - ok
02:39:37.0644 9500  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
02:39:37.0683 9500  dot3svc - ok
02:39:37.0699 9500  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
02:39:37.0734 9500  DPS - ok
02:39:37.0767 9500  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
02:39:37.0798 9500  drmkaud - ok
02:39:37.0850 9500  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
02:39:37.0858 9500  dtsoftbus01 - ok
02:39:37.0873 9500  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
02:39:37.0889 9500  DXGKrnl - ok
02:39:37.0898 9500  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
02:39:37.0938 9500  EapHost - ok
02:39:37.0986 9500  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
02:39:38.0070 9500  ebdrv - ok
02:39:38.0111 9500  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
02:39:38.0153 9500  EFS - ok
02:39:38.0200 9500  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
02:39:38.0276 9500  ehRecvr - ok
02:39:38.0293 9500  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
02:39:38.0326 9500  ehSched - ok
02:39:38.0365 9500  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
02:39:38.0376 9500  elxstor - ok
02:39:38.0382 9500  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
02:39:38.0401 9500  ErrDev - ok
02:39:38.0429 9500  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
02:39:38.0453 9500  EventSystem - ok
02:39:38.0495 9500  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
02:39:38.0517 9500  exfat - ok
02:39:38.0521 9500  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
02:39:38.0550 9500  fastfat - ok
02:39:38.0573 9500  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
02:39:38.0627 9500  Fax - ok
02:39:38.0654 9500  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
02:39:38.0671 9500  fdc - ok
02:39:38.0690 9500  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
02:39:38.0713 9500  fdPHost - ok
02:39:38.0730 9500  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
02:39:38.0772 9500  FDResPub - ok
02:39:38.0792 9500  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
02:39:38.0799 9500  FileInfo - ok
02:39:38.0805 9500  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
02:39:38.0845 9500  Filetrace - ok
02:39:38.0897 9500  [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:39:38.0911 9500  FLEXnet Licensing Service - ok
02:39:38.0960 9500  [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:39:38.0982 9500  FLEXnet Licensing Service 64 - ok
02:39:38.0996 9500  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
02:39:39.0004 9500  flpydisk - ok
02:39:39.0029 9500  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
02:39:39.0038 9500  FltMgr - ok
02:39:39.0095 9500  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
02:39:39.0151 9500  FontCache - ok
02:39:39.0194 9500  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:39:39.0201 9500  FontCache3.0.0.0 - ok
02:39:39.0213 9500  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
02:39:39.0220 9500  FsDepends - ok
02:39:39.0252 9500  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
02:39:39.0259 9500  Fs_Rec - ok
02:39:39.0289 9500  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
02:39:39.0301 9500  fvevol - ok
02:39:39.0319 9500  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
02:39:39.0326 9500  gagp30kx - ok
02:39:39.0363 9500  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
02:39:39.0403 9500  gpsvc - ok
02:39:39.0466 9500  [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru   C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
02:39:39.0484 9500  Guard.Mail.ru - ok
02:39:39.0495 9500  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
02:39:39.0542 9500  hcw85cir - ok
02:39:39.0562 9500  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
02:39:39.0571 9500  HDAudBus - ok
02:39:39.0582 9500  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
02:39:39.0590 9500  HidBatt - ok
02:39:39.0603 9500  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
02:39:39.0622 9500  HidBth - ok
02:39:39.0638 9500  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
02:39:39.0647 9500  HidIr - ok
02:39:39.0666 9500  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
02:39:39.0687 9500  hidserv - ok
02:39:39.0699 9500  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
02:39:39.0706 9500  HidUsb - ok
02:39:39.0771 9500  [ 1256F6834307B38594CEB034BAF52568 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
02:39:39.0775 9500  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
02:39:39.0775 9500  HiPatchService - detected UnsignedFile.Multi.Generic (1)
02:39:39.0782 9500  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
02:39:39.0818 9500  hkmsvc - ok
02:39:39.0855 9500  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:39:39.0902 9500  HomeGroupListener - ok
02:39:39.0929 9500  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:39:39.0954 9500  HomeGroupProvider - ok
02:39:39.0968 9500  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
02:39:39.0975 9500  HpSAMD - ok
02:39:40.0013 9500  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
02:39:40.0055 9500  HTTP - ok
02:39:40.0062 9500  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
02:39:40.0068 9500  hwpolicy - ok
02:39:40.0085 9500  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
02:39:40.0093 9500  i8042prt - ok
02:39:40.0131 9500  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
02:39:40.0141 9500  iaStor - ok
02:39:40.0171 9500  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
02:39:40.0177 9500  IAStorDataMgrSvc - ok
02:39:40.0217 9500  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
02:39:40.0227 9500  iaStorV - ok
02:39:40.0282 9500  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:39:40.0291 9500  IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:39:40.0291 9500  IDriverT - detected UnsignedFile.Multi.Generic (1)
02:39:40.0345 9500  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:39:40.0362 9500  idsvc - ok
02:39:40.0376 9500  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
02:39:40.0383 9500  iirsp - ok
02:39:40.0421 9500  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
02:39:40.0450 9500  IKEEXT - ok
02:39:40.0492 9500  [ 697C927E0DE2ABAF1A5F455033F687CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:39:40.0517 9500  IntcAzAudAddService - ok
02:39:40.0535 9500  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
02:39:40.0542 9500  intelide - ok
02:39:40.0560 9500  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:39:40.0567 9500  intelppm - ok
02:39:40.0594 9500  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:39:40.0635 9500  IPBusEnum - ok
02:39:40.0647 9500  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:39:40.0666 9500  IpFilterDriver - ok
02:39:40.0734 9500  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:39:40.0776 9500  iphlpsvc - ok
02:39:40.0794 9500  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
02:39:40.0801 9500  IPMIDRV - ok
02:39:40.0832 9500  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
02:39:40.0868 9500  IPNAT - ok
02:39:40.0886 9500  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:39:40.0915 9500  IRENUM - ok
02:39:40.0954 9500  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
02:39:40.0961 9500  isapnp - ok
02:39:40.0994 9500  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
02:39:41.0003 9500  iScsiPrt - ok
02:39:41.0014 9500  [ C0D9BA660A41EE8A269EF804E6CD0D7B ] JRAID           C:\Windows\system32\drivers\jraid.sys
02:39:41.0021 9500  JRAID - ok
02:39:41.0040 9500  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
02:39:41.0049 9500  k57nd60a - ok
02:39:41.0068 9500  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
02:39:41.0075 9500  kbdclass - ok
02:39:41.0080 9500  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
02:39:41.0087 9500  kbdhid - ok
02:39:41.0091 9500  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
02:39:41.0099 9500  KeyIso - ok
02:39:41.0146 9500  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:39:41.0154 9500  KSecDD - ok
02:39:41.0196 9500  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
02:39:41.0204 9500  KSecPkg - ok
02:39:41.0214 9500  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
02:39:41.0251 9500  ksthunk - ok
02:39:41.0280 9500  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:39:41.0320 9500  KtmRm - ok
02:39:41.0351 9500  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
02:39:41.0374 9500  LanmanServer - ok
02:39:41.0402 9500  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:39:41.0424 9500  LanmanWorkstation - ok
02:39:41.0440 9500  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:39:41.0480 9500  lltdio - ok
02:39:41.0521 9500  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:39:41.0557 9500  lltdsvc - ok
02:39:41.0579 9500  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:39:41.0601 9500  lmhosts - ok
02:39:41.0625 9500  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
02:39:41.0633 9500  LSI_FC - ok
02:39:41.0650 9500  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
02:39:41.0657 9500  LSI_SAS - ok
02:39:41.0675 9500  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
02:39:41.0683 9500  LSI_SAS2 - ok
02:39:41.0695 9500  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
02:39:41.0703 9500  LSI_SCSI - ok
02:39:41.0724 9500  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
02:39:41.0765 9500  luafv - ok
02:39:41.0848 9500  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
02:39:41.0854 9500  MBAMProtector - ok
02:39:41.0914 9500  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:39:41.0924 9500  MBAMScheduler - ok
02:39:41.0949 9500  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:39:41.0962 9500  MBAMService - ok
02:39:41.0979 9500  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
02:39:42.0003 9500  Mcx2Svc - ok
02:39:42.0018 9500  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
02:39:42.0025 9500  megasas - ok
02:39:42.0041 9500  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
02:39:42.0051 9500  MegaSR - ok
02:39:42.0082 9500  [ 495A8EFC5E850A4A36392FAA1B932DBC ] mio             C:\Windows\system32\DRIVERS\mio.sys
02:39:42.0087 9500  mio - ok
02:39:42.0107 9500  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
02:39:42.0129 9500  MMCSS - ok
02:39:42.0143 9500  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
02:39:42.0165 9500  Modem - ok
02:39:42.0187 9500  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:39:42.0213 9500  monitor - ok
02:39:42.0231 9500  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
02:39:42.0238 9500  mouclass - ok
02:39:42.0255 9500  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:39:42.0262 9500  mouhid - ok
02:39:42.0273 9500  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
02:39:42.0281 9500  mountmgr - ok
02:39:42.0340 9500  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:39:42.0348 9500  MozillaMaintenance - ok
02:39:42.0383 9500  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
02:39:42.0394 9500  MpFilter - ok
02:39:42.0415 9500  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
02:39:42.0423 9500  mpio - ok
02:39:42.0441 9500  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:39:42.0463 9500  mpsdrv - ok
02:39:42.0493 9500  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:39:42.0521 9500  MpsSvc - ok
02:39:42.0547 9500  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:39:42.0572 9500  MRxDAV - ok
02:39:42.0606 9500  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:39:42.0673 9500  mrxsmb - ok
02:39:42.0703 9500  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:39:42.0711 9500  mrxsmb10 - ok
02:39:42.0741 9500  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:39:42.0748 9500  mrxsmb20 - ok
02:39:42.0776 9500  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
02:39:42.0783 9500  msahci - ok
02:39:42.0843 9500  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
02:39:42.0851 9500  msdsm - ok
02:39:42.0876 9500  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
02:39:42.0897 9500  MSDTC - ok
02:39:42.0918 9500  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:39:42.0956 9500  Msfs - ok
02:39:42.0976 9500  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
02:39:43.0011 9500  mshidkmdf - ok
02:39:43.0017 9500  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
02:39:43.0024 9500  msisadrv - ok
02:39:43.0048 9500  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:39:43.0085 9500  MSiSCSI - ok
02:39:43.0086 9500  msiserver - ok
02:39:43.0101 9500  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:39:43.0131 9500  MSKSSRV - ok
02:39:43.0190 9500  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:39:43.0207 9500  MsMpSvc - ok
02:39:43.0214 9500  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:39:43.0254 9500  MSPCLOCK - ok
02:39:43.0278 9500  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:39:43.0299 9500  MSPQM - ok
02:39:43.0315 9500  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:39:43.0324 9500  MsRPC - ok
02:39:43.0331 9500  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
02:39:43.0337 9500  mssmbios - ok
02:39:43.0460 9500  MSSQL$SQLEXPRESS - ok
02:39:43.0484 9500  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
02:39:43.0491 9500  MSSQLServerADHelper100 - ok
02:39:43.0493 9500  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:39:43.0525 9500  MSTEE - ok
02:39:43.0540 9500  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
02:39:43.0561 9500  MTConfig - ok
02:39:43.0581 9500  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
02:39:43.0588 9500  Mup - ok
02:39:43.0624 9500  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
02:39:43.0662 9500  napagent - ok
02:39:43.0700 9500  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:39:43.0712 9500  NativeWifiP - ok
02:39:43.0772 9500  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:39:43.0788 9500  NDIS - ok
02:39:43.0806 9500  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
02:39:43.0827 9500  NdisCap - ok
02:39:43.0845 9500  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:39:43.0866 9500  NdisTapi - ok
02:39:43.0874 9500  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:39:43.0895 9500  Ndisuio - ok
02:39:43.0911 9500  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:39:43.0951 9500  NdisWan - ok
02:39:43.0972 9500  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:39:44.0011 9500  NDProxy - ok
02:39:44.0019 9500  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:39:44.0055 9500  NetBIOS - ok
02:39:44.0076 9500  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
02:39:44.0098 9500  NetBT - ok
02:39:44.0100 9500  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
02:39:44.0107 9500  Netlogon - ok
02:39:44.0132 9500  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
02:39:44.0168 9500  Netman - ok
02:39:44.0203 9500  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:39:44.0211 9500  NetMsmqActivator - ok
02:39:44.0212 9500  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:39:44.0218 9500  NetPipeActivator - ok
02:39:44.0233 9500  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
02:39:44.0273 9500  netprofm - ok
02:39:44.0275 9500  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:39:44.0281 9500  NetTcpActivator - ok
02:39:44.0282 9500  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:39:44.0288 9500  NetTcpPortSharing - ok
02:39:44.0321 9500  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
02:39:44.0328 9500  nfrd960 - ok
02:39:44.0377 9500  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:39:44.0385 9500  NisDrv - ok
02:39:44.0420 9500  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
02:39:44.0432 9500  NisSrv - ok
02:39:44.0456 9500  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:39:44.0465 9500  NlaSvc - ok
02:39:44.0476 9500  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:39:44.0496 9500  Npfs - ok
02:39:44.0526 9500  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
02:39:44.0548 9500  nsi - ok
02:39:44.0554 9500  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:39:44.0593 9500  nsiproxy - ok
02:39:44.0652 9500  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:39:44.0673 9500  Ntfs - ok
02:39:44.0679 9500  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
02:39:44.0720 9500  Null - ok
02:39:44.0763 9500  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
02:39:44.0771 9500  NVHDA - ok
02:39:44.0893 9500  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:39:45.0040 9500  nvlddmkm - ok
02:39:45.0069 9500  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:39:45.0077 9500  nvraid - ok
02:39:45.0102 9500  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:39:45.0110 9500  nvstor - ok
02:39:45.0156 9500  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc           C:\Windows\system32\nvvsvc.exe
02:39:45.0169 9500  NVSvc - ok
02:39:45.0246 9500  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:39:45.0263 9500  nvUpdatusService - ok
02:39:45.0290 9500  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:39:45.0297 9500  nv_agp - ok
02:39:45.0302 9500  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
02:39:45.0330 9500  ohci1394 - ok
02:39:45.0357 9500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
02:39:45.0406 9500  p2pimsvc - ok
02:39:45.0424 9500  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:39:45.0434 9500  p2psvc - ok
02:39:45.0445 9500  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
02:39:45.0473 9500  Parport - ok
02:39:45.0492 9500  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:39:45.0501 9500  partmgr - ok
02:39:45.0521 9500  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:39:45.0553 9500  PcaSvc - ok
02:39:45.0580 9500  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
02:39:45.0588 9500  pci - ok
02:39:45.0602 9500  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
02:39:45.0609 9500  pciide - ok
02:39:45.0632 9500  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
02:39:45.0641 9500  pcmcia - ok
02:39:45.0662 9500  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
02:39:45.0669 9500  pcw - ok
02:39:45.0690 9500  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:39:45.0731 9500  PEAUTH - ok
02:39:45.0800 9500  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
02:39:45.0824 9500  PerfHost - ok
02:39:45.0859 9500  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
02:39:45.0906 9500  pla - ok
02:39:45.0958 9500  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:39:45.0997 9500  PlugPlay - ok
02:39:46.0040 9500  PnkBstrA - ok
02:39:46.0051 9500  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
02:39:46.0075 9500  PNRPAutoReg - ok
02:39:46.0092 9500  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
02:39:46.0101 9500  PNRPsvc - ok
02:39:46.0127 9500  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
02:39:46.0162 9500  PolicyAgent - ok
02:39:46.0190 9500  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
02:39:46.0225 9500  Power - ok
02:39:46.0246 9500  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
02:39:46.0282 9500  PptpMiniport - ok
02:39:46.0302 9500  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
02:39:46.0310 9500  Processor - ok
02:39:46.0342 9500  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
02:39:46.0378 9500  ProfSvc - ok
02:39:46.0379 9500  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:39:46.0386 9500  ProtectedStorage - ok
02:39:46.0414 9500  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
02:39:46.0450 9500  Psched - ok
02:39:46.0487 9500  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
02:39:46.0493 9500  PxHlpa64 - ok
02:39:46.0527 9500  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
02:39:46.0547 9500  ql2300 - ok
02:39:46.0562 9500  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
02:39:46.0570 9500  ql40xx - ok
02:39:46.0606 9500  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
02:39:46.0618 9500  QWAVE - ok
02:39:46.0622 9500  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
02:39:46.0633 9500  QWAVEdrv - ok
02:39:46.0644 9500  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
02:39:46.0665 9500  RasAcd - ok
02:39:46.0679 9500  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
02:39:46.0699 9500  RasAgileVpn - ok
02:39:46.0711 9500  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
02:39:46.0745 9500  RasAuto - ok
02:39:46.0760 9500  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
02:39:46.0782 9500  Rasl2tp - ok
02:39:46.0805 9500  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
02:39:46.0844 9500  RasMan - ok
02:39:46.0863 9500  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
02:39:46.0897 9500  RasPppoe - ok
02:39:46.0905 9500  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
02:39:46.0926 9500  RasSstp - ok
02:39:46.0944 9500  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
02:39:46.0965 9500  rdbss - ok
02:39:46.0976 9500  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
02:39:46.0997 9500  rdpbus - ok
02:39:47.0021 9500  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
02:39:47.0042 9500  RDPCDD - ok
02:39:47.0055 9500  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
02:39:47.0092 9500  RDPENCDD - ok
02:39:47.0095 9500  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
02:39:47.0116 9500  RDPREFMP - ok
02:39:47.0141 9500  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
02:39:47.0186 9500  RdpVideoMiniport - ok
02:39:47.0222 9500  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
02:39:47.0252 9500  RDPWD - ok
02:39:47.0269 9500  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
02:39:47.0278 9500  rdyboost - ok
02:39:47.0308 9500  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
02:39:47.0348 9500  RemoteAccess - ok
02:39:47.0367 9500  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
02:39:47.0390 9500  RemoteRegistry - ok
02:39:47.0418 9500  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
02:39:47.0443 9500  RFCOMM - ok
02:39:47.0518 9500  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
02:39:47.0546 9500  RoxMediaDB12OEM - ok
02:39:47.0583 9500  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
02:39:47.0592 9500  RoxWatch12 - ok
02:39:47.0608 9500  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
02:39:47.0629 9500  RpcEptMapper - ok
02:39:47.0660 9500  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
02:39:47.0668 9500  RpcLocator - ok
02:39:47.0683 9500  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
02:39:47.0708 9500  RpcSs - ok
02:39:47.0775 9500  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
02:39:47.0784 9500  RsFx0105 - ok
02:39:47.0816 9500  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
02:39:47.0838 9500  rspndr - ok
02:39:47.0839 9500  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
02:39:47.0846 9500  SamSs - ok
02:39:47.0866 9500  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
02:39:47.0875 9500  sbp2port - ok
02:39:47.0897 9500  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
02:39:47.0920 9500  SCardSvr - ok
02:39:47.0930 9500  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
02:39:47.0965 9500  scfilter - ok
02:39:48.0000 9500  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
02:39:48.0027 9500  Schedule - ok
02:39:48.0046 9500  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
02:39:48.0067 9500  SCPolicySvc - ok
02:39:48.0078 9500  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
02:39:48.0134 9500  SDRSVC - ok
02:39:48.0136 9500  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
02:39:48.0172 9500  secdrv - ok
02:39:48.0190 9500  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
02:39:48.0211 9500  seclogon - ok
02:39:48.0235 9500  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
02:39:48.0273 9500  SENS - ok
02:39:48.0293 9500  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
02:39:48.0337 9500  SensrSvc - ok
02:39:48.0374 9500  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
02:39:48.0381 9500  Serenum - ok
02:39:48.0399 9500  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
02:39:48.0407 9500  Serial - ok
02:39:48.0418 9500  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
02:39:48.0435 9500  sermouse - ok
02:39:48.0457 9500  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
02:39:48.0494 9500  SessionEnv - ok
02:39:48.0526 9500  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
02:39:48.0550 9500  sffdisk - ok
02:39:48.0552 9500  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
02:39:48.0561 9500  sffp_mmc - ok
02:39:48.0563 9500  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
02:39:48.0591 9500  sffp_sd - ok
02:39:48.0605 9500  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
02:39:48.0612 9500  sfloppy - ok
02:39:48.0692 9500  [ 6F36EE03AF65DE9AEB024809866D19B1 ] SftService      C:\Program Files (x86)\AlienRespawn\sftservice.EXE
02:39:48.0716 9500  SftService - ok
02:39:48.0745 9500  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
02:39:48.0769 9500  SharedAccess - ok
02:39:48.0776 9500  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:39:48.0819 9500  ShellHWDetection - ok
02:39:48.0845 9500  [ 0F498DEE92FD73DD999BAE4D506367F5 ] SI3132          C:\Windows\system32\drivers\SI3132.sys
02:39:48.0851 9500  SI3132 - ok
02:39:48.0853 9500  [ 127CE10E01F53F2EDACA7FE42E5631EA ] SiFilter        C:\Windows\system32\drivers\SiWinAcc.sys
02:39:48.0858 9500  SiFilter - ok
02:39:48.0868 9500  [ B742C37002B8EBEF6E230DF9B4B28546 ] SiRemFil        C:\Windows\system32\drivers\SiRemFil.sys
02:39:48.0873 9500  SiRemFil - ok
02:39:48.0891 9500  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
02:39:48.0898 9500  SiSRaid2 - ok
02:39:48.0915 9500  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
02:39:48.0922 9500  SiSRaid4 - ok
02:39:48.0996 9500  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
02:39:49.0003 9500  SkypeUpdate - ok
02:39:49.0017 9500  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
02:39:49.0050 9500  Smb - ok
02:39:49.0098 9500  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
02:39:49.0107 9500  SNMPTRAP - ok
02:39:49.0116 9500  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
02:39:49.0122 9500  spldr - ok
02:39:49.0168 9500  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
02:39:49.0202 9500  Spooler - ok
02:39:49.0254 9500  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
02:39:49.0318 9500  sppsvc - ok
02:39:49.0336 9500  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
02:39:49.0358 9500  sppuinotify - ok
02:39:49.0447 9500  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
02:39:49.0457 9500  SQLAgent$SQLEXPRESS - ok
02:39:49.0527 9500  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:39:49.0535 9500  SQLBrowser - ok
02:39:49.0573 9500  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:39:49.0580 9500  SQLWriter - ok
02:39:49.0618 9500  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
02:39:49.0670 9500  srv - ok
02:39:49.0702 9500  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
02:39:49.0731 9500  srv2 - ok
02:39:49.0763 9500  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
02:39:49.0771 9500  srvnet - ok
02:39:49.0794 9500  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
02:39:49.0817 9500  SSDPSRV - ok
02:39:49.0825 9500  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
02:39:49.0846 9500  SstpSvc - ok
02:39:49.0873 9500  Steam Client Service - ok
02:39:49.0943 9500  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:39:49.0952 9500  Stereo Service - ok
02:39:49.0976 9500  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
02:39:49.0983 9500  stexstor - ok
02:39:50.0032 9500  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
02:39:50.0059 9500  stisvc - ok
02:39:50.0094 9500  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
02:39:50.0100 9500  stllssvr - ok
02:39:50.0116 9500  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
02:39:50.0123 9500  swenum - ok
02:39:50.0135 9500  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
02:39:50.0160 9500  swprv - ok
02:39:50.0191 9500  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
02:39:50.0230 9500  SysMain - ok
02:39:50.0259 9500  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:39:50.0298 9500  TabletInputService - ok
02:39:50.0317 9500  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
02:39:50.0356 9500  TapiSrv - ok
02:39:50.0358 9500  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
02:39:50.0380 9500  TBS - ok
02:39:50.0428 9500  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
02:39:50.0470 9500  Tcpip - ok
02:39:50.0522 9500  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
02:39:50.0545 9500  TCPIP6 - ok
02:39:50.0576 9500  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
02:39:50.0583 9500  tcpipreg - ok
02:39:50.0596 9500  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
02:39:50.0637 9500  TDPIPE - ok
02:39:50.0662 9500  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
02:39:50.0692 9500  TDTCP - ok
02:39:50.0713 9500  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
02:39:50.0734 9500  tdx - ok
02:39:50.0741 9500  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
02:39:50.0749 9500  TermDD - ok
02:39:50.0770 9500  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
02:39:50.0795 9500  TermService - ok
02:39:50.0806 9500  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
02:39:50.0817 9500  Themes - ok
02:39:50.0822 9500  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
02:39:50.0842 9500  THREADORDER - ok
02:39:50.0849 9500  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
02:39:50.0883 9500  TrkWks - ok
02:39:50.0928 9500  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:39:50.0955 9500  TrustedInstaller - ok
02:39:50.0958 9500  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
02:39:50.0997 9500  tssecsrv - ok
02:39:51.0038 9500  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
02:39:51.0079 9500  TsUsbFlt - ok
02:39:51.0115 9500  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
02:39:51.0136 9500  TsUsbGD - ok
02:39:51.0174 9500  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
02:39:51.0211 9500  tunnel - ok
02:39:51.0226 9500  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
02:39:51.0242 9500  uagp35 - ok
02:39:51.0283 9500  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
02:39:51.0307 9500  udfs - ok
02:39:51.0311 9500  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
02:39:51.0346 9500  UI0Detect - ok
02:39:51.0387 9500  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
02:39:51.0394 9500  uliagpkx - ok
02:39:51.0409 9500  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
02:39:51.0436 9500  umbus - ok
02:39:51.0479 9500  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
02:39:51.0499 9500  UmPass - ok
02:39:51.0529 9500  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
02:39:51.0574 9500  upnphost - ok
02:39:51.0609 9500  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
02:39:51.0619 9500  usbaudio - ok
02:39:51.0641 9500  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
02:39:51.0687 9500  usbccgp - ok
02:39:51.0707 9500  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
02:39:51.0716 9500  usbcir - ok
02:39:51.0730 9500  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
02:39:51.0752 9500  usbehci - ok
02:39:51.0779 9500  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
02:39:51.0804 9500  usbhub - ok
02:39:51.0815 9500  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
02:39:51.0838 9500  usbohci - ok
02:39:51.0854 9500  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
02:39:51.0873 9500  usbprint - ok
02:39:51.0892 9500  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:39:51.0921 9500  USBSTOR - ok
02:39:51.0942 9500  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
02:39:51.0961 9500  usbuhci - ok
02:39:51.0977 9500  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
02:39:51.0999 9500  UxSms - ok
02:39:52.0004 9500  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
02:39:52.0011 9500  VaultSvc - ok
02:39:52.0017 9500  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
02:39:52.0024 9500  vdrvroot - ok
02:39:52.0047 9500  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
02:39:52.0088 9500  vds - ok
02:39:52.0107 9500  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
02:39:52.0115 9500  vga - ok
02:39:52.0129 9500  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
02:39:52.0160 9500  VgaSave - ok
02:39:52.0177 9500  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
02:39:52.0186 9500  vhdmp - ok
02:39:52.0195 9500  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
02:39:52.0202 9500  viaide - ok
02:39:52.0275 9500  [ 091E009EF749C9D65CF9ADFAD316D251 ] vmm             C:\Windows\system32\Treiber\vmm.sys
02:39:52.0283 9500  vmm - ok
02:39:52.0299 9500  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
02:39:52.0306 9500  volmgr - ok
02:39:52.0320 9500  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
02:39:52.0331 9500  volmgrx - ok
02:39:52.0345 9500  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
02:39:52.0354 9500  volsnap - ok
02:39:52.0371 9500  [ BC2EA40B98B5E866D9A4F98AFB66B682 ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
02:39:52.0378 9500  VPCNetS2 - ok
02:39:52.0382 9500  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
02:39:52.0390 9500  vsmraid - ok
02:39:52.0493 9500  [ CA64A8838B4674D14BDF88ABA2F253EA ] VSPerfDrv100    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
02:39:52.0507 9500  VSPerfDrv100 - ok
02:39:52.0535 9500  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
02:39:52.0585 9500  VSS - ok
02:39:52.0591 9500  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
02:39:52.0613 9500  vwifibus - ok
02:39:52.0656 9500  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
02:39:52.0667 9500  vwififlt - ok
02:39:52.0700 9500  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
02:39:52.0723 9500  W32Time - ok
02:39:52.0743 9500  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
02:39:52.0762 9500  WacomPen - ok
02:39:52.0784 9500  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
02:39:52.0822 9500  WANARP - ok
02:39:52.0833 9500  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
02:39:52.0854 9500  Wanarpv6 - ok
02:39:52.0902 9500  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
02:39:52.0925 9500  WatAdminSvc - ok
02:39:52.0958 9500  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
02:39:53.0006 9500  wbengine - ok
02:39:53.0031 9500  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
02:39:53.0060 9500  WbioSrvc - ok
02:39:53.0085 9500  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
02:39:53.0110 9500  wcncsvc - ok
02:39:53.0127 9500  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:39:53.0189 9500  WcsPlugInService - ok
02:39:53.0205 9500  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
02:39:53.0212 9500  Wd - ok
02:39:53.0350 9500  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
02:39:53.0364 9500  Wdf01000 - ok
02:39:53.0374 9500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
02:39:53.0444 9500  WdiServiceHost - ok
02:39:53.0446 9500  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
02:39:53.0456 9500  WdiSystemHost - ok
02:39:53.0489 9500  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
02:39:53.0523 9500  WebClient - ok
02:39:53.0546 9500  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
02:39:53.0587 9500  Wecsvc - ok
02:39:53.0608 9500  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
02:39:53.0631 9500  wercplsupport - ok
02:39:53.0646 9500  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
02:39:53.0667 9500  WerSvc - ok
02:39:53.0683 9500  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
02:39:53.0703 9500  WfpLwf - ok
02:39:53.0746 9500  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
02:39:53.0753 9500  WimFltr - ok
02:39:53.0772 9500  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
02:39:53.0778 9500  WIMMount - ok
02:39:53.0791 9500  WinDefend - ok
02:39:53.0810 9500  WinHttpAutoProxySvc - ok
02:39:53.0872 9500  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
02:39:53.0895 9500  Winmgmt - ok
02:39:53.0917 9500  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
02:39:53.0956 9500  WinRM - ok
02:39:54.0022 9500  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
02:39:54.0032 9500  WinUsb - ok
02:39:54.0064 9500  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
02:39:54.0081 9500  Wlansvc - ok
02:39:54.0143 9500  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:39:54.0191 9500  wlidsvc - ok
02:39:54.0203 9500  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
02:39:54.0224 9500  WmiAcpi - ok
02:39:54.0241 9500  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
02:39:54.0265 9500  wmiApSrv - ok
02:39:54.0279 9500  WMPNetworkSvc - ok
02:39:54.0298 9500  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
02:39:54.0338 9500  WPCSvc - ok
02:39:54.0352 9500  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
02:39:54.0388 9500  WPDBusEnum - ok
02:39:54.0397 9500  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
02:39:54.0418 9500  ws2ifsl - ok
02:39:54.0428 9500  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
02:39:54.0452 9500  wscsvc - ok
02:39:54.0454 9500  WSearch - ok
02:39:54.0518 9500  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
02:39:54.0566 9500  wuauserv - ok
02:39:54.0600 9500  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
02:39:54.0618 9500  WudfPf - ok
02:39:54.0674 9500  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
02:39:54.0701 9500  WUDFRd - ok
02:39:54.0730 9500  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
02:39:54.0746 9500  wudfsvc - ok
02:39:54.0767 9500  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
02:39:54.0796 9500  WwanSvc - ok
02:39:54.0823 9500  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
02:39:54.0829 9500  xusb21 - ok
02:39:54.0849 9500  ================ Scan global ===============================
02:39:54.0865 9500  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:39:54.0908 9500  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
02:39:54.0914 9500  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
02:39:54.0927 9500  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:39:54.0951 9500  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:39:54.0954 9500  [Global] - ok
02:39:54.0955 9500  ================ Scan MBR ==================================
02:39:54.0962 9500  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:39:55.0196 9500  \Device\Harddisk0\DR0 - ok
02:39:55.0196 9500  ================ Scan VBR ==================================
02:39:55.0197 9500  [ 45B39FF1EDD10C8781B353F6B71313E6 ] \Device\Harddisk0\DR0\Partition1
02:39:55.0198 9500  \Device\Harddisk0\DR0\Partition1 - ok
02:39:55.0226 9500  [ 31ADB3D6C5F8679E3785F154DCEBBC27 ] \Device\Harddisk0\DR0\Partition2
02:39:55.0235 9500  \Device\Harddisk0\DR0\Partition2 - ok
02:39:55.0235 9500  ============================================================
02:39:55.0235 9500  Scan finished
02:39:55.0235 9500  ============================================================
02:39:55.0240 8176  Detected object count: 3
02:39:55.0240 8176  Actual detected object count: 3
02:40:20.0148 8176  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
02:40:20.0148 8176  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:40:20.0149 8176  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
02:40:20.0149 8176  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:40:20.0149 8176  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:40:20.0149 8176  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:40:22.0866 9484  Deinitialize success

cosinus · 04.05.2013, 14:23

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

blawa · 04.05.2013, 14:49

Hier das Combo-Fix Log:

Code:

ATTFilter

ComboFix 13-05-04.01 - blawa 04.05.2013  15:36:13.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6135.2942 [GMT 2:00]
ausgeführt von:: c:\users\blawa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-04 bis 2013-05-04  ))))))))))))))))))))))))))))))
.
.
2013-05-04 13:45 . 2013-05-04 13:45	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-04 13:45 . 2013-05-04 13:45	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-05-04 13:45 . 2013-05-04 13:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-04 09:15 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423880E3-4802-443C-B68D-6E3A2A42EB91}\mpengine.dll
2013-05-03 09:14 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 09:14 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7289F31-E77F-4042-A860-91BE34FD2D01}\mpengine.dll
2013-05-01 01:55 . 2013-02-22 06:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-01 01:54 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-05-01 01:54 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-05-01 01:54 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-01 01:54 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-01 01:54 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-01 01:54 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-01 01:54 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-01 01:54 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-01 01:54 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-29 20:51 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-29 20:51 . 2013-04-29 20:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-29 00:48 . 2013-04-29 00:48	--------	d-----w-	c:\users\blawa\AppData\Local\SplitMediaLabs
2013-04-29 00:48 . 2013-04-29 00:48	--------	d-----w-	c:\programdata\SplitMediaLabs
2013-04-29 00:48 . 2013-04-29 00:48	--------	d-----w-	c:\program files (x86)\SplitMediaLabs
2013-04-29 00:47 . 2013-04-29 00:47	--------	d-----w-	c:\users\blawa\AppData\Roaming\SplitMediaLabs
2013-04-26 08:55 . 2013-04-26 08:55	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-23 15:31 . 2013-04-23 15:31	905296	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F22F8647-BDEB-4D39-AF00-045F5592C2E2}\gapaengine.dll
2013-04-18 14:17 . 2013-04-18 14:17	--------	d-----w-	c:\users\blawa\AppData\Local\Amazon
2013-04-16 10:59 . 2013-04-16 10:59	--------	d-----w-	c:\program files\GIMP 2
2013-04-16 10:58 . 2013-04-16 10:58	--------	d-----w-	c:\users\blawa\AppData\Local\Programs
2013-04-15 19:27 . 2013-04-15 19:28	--------	d-----w-	c:\users\blawa\AppData\Roaming\ftblauncher
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-02 09:49 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-05-02 09:49 . 2009-08-18 09:24	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 03:08 . 2011-09-16 22:40	2495200	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2013-05-01 01:56 . 2012-03-11 11:49	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-01 02:22 . 2013-04-01 02:22	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-01 02:22 . 2013-04-01 02:22	310688	----a-w-	c:\windows\system32\javaws.exe
2013-04-01 02:22 . 2013-04-01 02:22	188832	----a-w-	c:\windows\system32\javaw.exe
2013-04-01 02:22 . 2013-04-01 02:22	188320	----a-w-	c:\windows\system32\java.exe
2013-04-01 02:22 . 2013-04-01 02:22	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-01 02:22 . 2011-07-02 11:19	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-04-01 00:23 . 2013-04-01 00:23	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-01 00:23 . 2012-05-15 09:56	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 00:23 . 2011-07-02 11:18	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-29 17:14 . 2012-02-21 11:10	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2013-03-29 17:14 . 2012-02-21 11:10	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2013-03-29 17:14 . 2012-02-21 11:10	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2013-03-13 12:42 . 2012-05-09 17:11	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 12:42 . 2011-07-07 22:59	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-25 23:32 . 2013-02-25 23:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 23:32 . 2011-07-02 19:53	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2011-07-02 19:53	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 23:32 . 2013-02-25 23:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 23:32 . 2011-07-02 19:53	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2011-11-17 12:36	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2011-07-02 19:53	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 23:32 . 2013-02-25 23:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 23:32 . 2013-02-25 23:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 23:32 . 2013-02-25 23:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 23:32 . 2013-02-25 23:32	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2013-02-25 23:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 23:32 . 2013-02-25 23:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 23:32 . 2011-07-02 19:53	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 23:32 . 2013-02-25 23:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 23:32 . 2013-02-25 23:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 23:32 . 2013-02-25 23:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 23:32 . 2011-07-02 19:53	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 23:32 . 2013-02-25 23:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-18 08:22 . 2013-02-18 08:22	31080	----a-w-	c:\windows\system32\nvhdap64.dll
2013-02-18 08:22 . 2012-02-25 12:52	1472360	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 08:22 . 2013-02-18 08:22	189288	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-14 11:24	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 11:24	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 11:24	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 11:24	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 11:24	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 11:24	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 11:24	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 12:55	1520776	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-03-28 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"EAUpdater"="c:\users\blawa\AppData\Roaming\EA\ea_updater.exe" [2010-11-21 1169224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2011-12-28 1564368]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\blawa\Desktop\mbar\mbar.exe" [2013-03-22 1398856]
.
c:\users\blawa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
3;3 MBAMProtector;MBAMProtector [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-21 49152]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-06 1436424]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-08 1255736]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-08 254528]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-03-21 15296]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2011-12-28 1564368]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-02-08 8704]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-05-16 1688384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys [2011-07-02 20560]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-06 35104]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 mio;Master IO Filter Driver;c:\windows\system32\DRIVERS\mio.sys [2011-02-10 14928]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35226327
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - UGLOQPOB
*Deregistered* - 35226327
*Deregistered* - aswMBR
*Deregistered* - ugloqpob
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 12:42]
.
2013-04-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20]
.
2013-05-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-03-21 13256]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\blawa\AppData\Roaming\Mozilla\Firefox\Profiles\n18ln615.default\
FF - prefs.js: browser.startup.homepage - google.at
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-17 21:05; leethax@leethax.net; c:\users\blawa\AppData\Roaming\Mozilla\Firefox\Profiles\n18ln615.default\extensions\leethax@leethax.net.xpi
FF - ExtSQL: 2013-04-01 02:33; toolbar@ask.com; c:\users\blawa\AppData\Roaming\Mozilla\Firefox\Profiles\n18ln615.default\extensions\toolbar@ask.com
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
user_pref('extensions.dealply.partner', 'swim');
user_pref('extensions.dealply.channel', 'swimsimsdm');
user_pref('extensions.dealply.installId', 'v23900290874599257244762012061417370125');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '5');
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2209728477-714789964-3075794624-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,70,8b,2f,33,c6,ea,50,12,a8,29,33,01,6a,8c,fe,81,94,fb,f6,ad,89,b6,
   94,b9,7f,85,8e,65,c4,61,39,e7,8c,17,d7,7d,88,99,f9,d4,c9,bc,87,36,df,06,92,\
"??"=hex:a3,77,26,48,47,4c,a5,0f,61,eb,40,19,f6,57,bd,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-04  15:47:19
ComboFix-quarantined-files.txt  2013-05-04 13:47
ComboFix2.txt  2012-05-14 07:09
ComboFix3.txt  2012-05-13 19:46
.
Vor Suchlauf: 23 Verzeichnis(se), 773.008.166.912 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 774.403.121.152 Bytes frei
.
- - End Of File - - 64FD952C299F56BCFD937B68604EF21A

cosinus · 04.05.2013, 14:53

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

03.05.2013, 23:08	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Microsoft Security Essentials scannt nicht mehr Was ist mit dem anderen Log? MBAR hat nichts gefunden? __________________ Logfiles bitte immer in CODE-Tags posten

Microsoft Security Essentials scannt nicht mehr

Antiviren-, Firewall- und andere Schutzprogramme: Microsoft Security Essentials scannt nicht mehr