Log analysis and evaluation: Win 8.1: Caught a trojan

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.09.2015, 22:52 | #1

Win 8.1: Caught a trojan

Hello, I stupidly caught something and would be grateful for help with removing it. I ran an .exe, stupidly with admin rights. According to my research, it is this cute little rascal:

hxxp://www.virusradar.com/en/MSIL_Kryptik.DNN/description
https://www.virustotal.com/en/file/673cf41507f5809b25aeb30fccbcc4d85fe7d9d48e971080b5a2fb4df2fe954e/analysis/
https://malwr.com/analysis/OTQyYzViZGNiMjg5NDBjZTkyMTdiOWYzZTZhODY5MTI/

The thing copied itself to AppData and created an autorun entry (via Task Scheduler), which I removed by hand. After that, MBAM also deleted the binary and 2 registry entries.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.09.2015
Scan Time: 22:44
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.25.05
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: mongole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371471
Time Elapsed: 6 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\mongole\AppData\Roaming\chrome.exe, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Physical Sectors: 0
(No malicious items detected)

(end)

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:21 on 25/09/2015 (mongole)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015 Ran by mongole (administrator) on MONGOMACHINE-8 (25-09-2015 23:40:42) Running from B:\TEMP\mozOpenDownload Loaded Profiles: mongole (Available Profiles: mongole) Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () M:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe (SecureMix LLC) M:\Program Files (x86)\GlassWire\GWCtlSrv.exe (Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe (MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe (Micro-Star INT'L CO., LTD.) 
C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (Microsoft Corporation) C:\Windows\System32\nfsclnt.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe () M:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Greenshot) M:\Program Files\Greenshot\Greenshot.exe (RaMMicHaeL) M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (alch) M:\Program Files (x86)\ClamWin\bin\ClamTray.exe () M:\Program Files (x86)\ownCloud\owncloud.exe () M:\Program Files\Ditto\Ditto.exe (Andrea Russo - Italy) C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe (SecureMix LLC) M:\Program Files (x86)\GlassWire\GlassWire.exe (VirtuaWin) C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe () C:\Program Files (x86)\VirtuaWin\modules\WinList.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (TrueCrypt Foundation) M:\Program Files\TrueCrypt\TrueCrypt.exe (SecureMix LLC) M:\Program Files (x86)\GlassWire\GWIdlMon.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\LCore.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (The Pidgin developer community) M:\Program Files (x86)\Pidgin\pidgin.exe () M:\Program Files\HexChat\hexchat.exe () M:\Program Files (x86)\qBittorrent\qbittorrent.exe () M:\Program Files (x86)\Spaz\Spaz.exe () M:\Program Files (x86)\SABnzbd\SABnzbd.exe (Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe (Valve Corporation) M:\Games\Steam\Steam.exe (Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe (Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe (Sysinternals - www.sysinternals.com) M:\Programme\SysinternalsSuite\Autoruns.exe (ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu64.exe (ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu\ConEmuC64.exe (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (EJIE Technology) C:\Program Files (x86)\Clover\clover.exe (Moonchild Productions) C:\Program Files\FossaMail\FossaMail.exe () C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe () B:\Downloads\Defogger.exe (Malwarebytes Corporation) M:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () M:\Program Files (x86)\ClamWin\bin\clamscan.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] () HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl) HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd) HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.) HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.) 
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] () HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] () HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - 
"P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: 
{a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe" HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0 ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29] ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19] ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer 
Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16] ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23] ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin) BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk * GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25]
StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
R2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 MBAMService; m:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
U0 xtcx; C:\Windows\System32\drivers\elqmjfvr.sys [79064 2015-09-25] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 kglcypob; \??\B:\TEMP\kglcypob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 23:38 - 2015-09-25 23:40 - 00000000 ____D C:\FRST 2015-09-25 23:21 - 2015-09-25 23:21 - 00000000 _____ C:\Users\mongole\defogger_reenable 2015-09-25 22:51 - 2015-09-25 22:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\elqmjfvr.sys 2015-09-25 22:38 - 2015-09-25 22:50 - 00000000 ____D C:\Windows\System32\Tasks\Update 2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk 2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480 2015-09-25 17:11 - 2015-09-25 17:11 - 00000021 _____ C:\Windows\S.dirmngr 2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft 
Corporation) C:\Windows\system32\advapi32.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx 2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ! 2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk 2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ! 
2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll 2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll 2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll 2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll 2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll 2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch 2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box 2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log 2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 
2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D 
C:\Users\mongole\AppData\Roaming\XnView 2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner 2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner 2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\pdfforge 2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk 2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView 2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Program Files\IrfanView 2015-09-11 00:21 - 2015-09-25 17:11 - 00002070 _____ C:\Windows\setupact.log 2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log 2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start 2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop 2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll 2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll 2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ 
(Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-10 20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) 
C:\Windows\system32\wuwebv.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-10 20:57 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 
2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-10 20:57 - 
2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking 2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk 2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression 2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys 2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys 2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0 2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap 2015-08-29 13:19 - 2015-08-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 2015-08-29 12:55 - 2015-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guacamelee! Super Turbo Championship Edition [GOG.com] 2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Sun 2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\.oracle_jre_usage 2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\Program Files\Classic Shell ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee 2015-09-25 23:40 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple 2015-09-25 23:39 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto 2015-09-25 23:37 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job 2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx 2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger 2015-09-25 23:22 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-25 23:21 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole 2015-09-25 22:54 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001 2015-09-25 22:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu 2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu 2015-09-25 22:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-09-25 19:47 - 2014-09-21 21:27 - 01816717 _____ C:\Windows\WindowsUpdate.log 2015-09-25 19:41 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-09-25 17:37 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent 2015-09-25 17:17 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat 2015-09-25 17:17 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat 2015-09-25 17:17 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-25 17:14 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat 2015-09-25 17:13 - 2014-09-26 00:20 - 00006469 _____ 
C:\Windows\SysWOW64\Gms.log 2015-09-25 17:12 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox 2015-09-25 17:12 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2015-09-25 17:11 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-09-25 16:54 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass 2015-09-25 16:39 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk 2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-25 02:58 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini 2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000 2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc 2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2015-09-24 20:29 - 2014-03-18 11:51 - 00083868 _____ C:\Windows\PFRO.log 2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log 2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-09-24 19:40 - 2014-10-30 11:15 - 00004208 __RSH C:\ProgramData\ntuser.pol 2015-09-24 13:12 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon 2015-09-24 04:37 - 2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job 2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help 2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp 2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI 2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI 2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI 2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA 2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core 2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvoglv32.dll 2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb 2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-09-13 20:24 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg 2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin 2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst 2015-09-11 00:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2015-09-10 22:44 - 2014-10-02 21:44 - 00000912 __RSH C:\Users\mongole\ntuser.pol 2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D 
C:\Program Files\Windows Journal
2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk
2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail
2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games
2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox
2015-09-05 09:16 - 2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd
2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb
2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
2015-08-29 13:02 - 2015-01-16 03:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Azureus
2015-08-29 12:55 - 2014-09-24 01:29 - 00384876 _____ C:\Windows\DirectX.log
2015-08-29 12:24 - 2015-01-19 22:50 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-29 12:24 - 2015-01-19 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 12:24 - 2014-10-02 16:27 - 00000000 ____D C:\Program Files\Java
2015-08-26 18:37 - 2014-09-23 00:29 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:36 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd
2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag
2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu
2014-11-24 20:59 - 2015-09-02 20:45 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND
2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg
2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by mongole (2015-09-25 23:40:55)
Running from B:\TEMP\mozOpenDownload
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL) 7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - ) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version: - ) Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version: - ) And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version: - Broken Rules) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Areca (HKLM-x32\...\Areca) (Version: - ) ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard) Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - ) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB) Battle vs. Chess (HKLM-x32\...\Battle vs. 
Chess_is1) (Version: 1.0 - Zuxxez Entertainment) BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth) BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games) Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project) Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project) BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit) Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version: - ) Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BtProx (HKLM-x32\...\BtProx) (Version: - Uri Kogan) Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version: - ) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.) 
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix) Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version: - Andrea Russo - Italy) ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch) Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft) Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers) Closure (HKLM-x32\...\Steam App 72000) (Version: - Eyebrow Interactive) Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology) cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix) ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5) Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome, Inc) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version: - Hallenberg.com) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - ) Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version: - ) Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners) Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura) DigiTweet 
(HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.) DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/) DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research) Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix) DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited) Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD) Dying Light (HKLM-x32\...\Dying Light_is1) (Version: - ) Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - ) Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation) Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff) f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version: - ) Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version: - ) Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: - ) Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - ) FileZilla Client 3.12.0.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse) FileZilla Server 
(HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project) Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix) FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version: - Bugbear Entertainment) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf) FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla) Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com) G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG) Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - ) GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2518.0 - Google Inc.) Gow (HKLM-x32\...\Gow) (Version: - ) Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project) Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North) Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot) Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.) Guacamelee! 
Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com) HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - ) HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu) HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu) Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - ) HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat) How to Survive (HKLM-x32\...\Steam App 250400) (Version: - EKO Software) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation) i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - ) iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle 
Corporation) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi) JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek) KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl) Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation) Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl) Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.) 
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg) Mozilla Firefox 34.0.5 (x86 de) 
(HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI) MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI) MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI) Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team) My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version: - Epic Games, Inc.) Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version: - ) Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear) Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear) Nidhogg (HKLM-x32\...\Steam App 94400) (Version: - Messhof) Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team) NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH) Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com) OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - ) Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Orcs Must Die! 
2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - )
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.)
PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psi (remove only) (HKLM-x32\...\Psi) (Version: - )
Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT)
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN)
Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden
Spintires (HKLM-x32\...\Spintires_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version: - )
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - )
TOXIKK (HKLM-x32\...\Steam App 324810) (Version: - Reakktor Studios)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version: - Yury Sidorov)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version: - )
Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version: - )
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - )
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
Ultratron (HKLM-x32\...\Steam App 219190) (Version: - Puppygames)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix)
Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
Vim 7.4.711 (HKLM-x32\...\Vim) (Version: - )
VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version: - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix)
VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version: - )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB)

Last edited by CptMw (25.09.2015 at 22:59) |
25.09.2015, 22:53 | #2 |
| Win 8.1: Caught a trojan
Code:
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2518.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 pre.footprintpredict.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 statsfe2.ws.microsoft.com

There are 14 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] ()
Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] ()
Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {FA5CB74E-0F3C-414F-BEB4-975BBF5C279C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-09-03 13:07 - 2014-09-03 13:07 - 00216576 _____ () m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-03-11 16:43 - 2015-03-11 16:43 - 00157344 _____ () C:\Program Files (x86)\EMET 5.2\HelperLib.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00018584 _____ () C:\Program Files (x86)\EMET 5.2\ReportingSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00052384 _____ () C:\Program Files (x86)\EMET 5.2\PKIPinningSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00035992 _____ () C:\Program Files (x86)\EMET 5.2\TrayIconSubsystem.dll 2015-03-11 16:43 - 2015-03-11 16:43 - 00036504 _____ () C:\Program Files (x86)\EMET 5.2\TelemetrySubsystem.dll 2014-03-19 13:31 - 2014-03-19 13:31 - 00348160 _____ () C:\Program Files (x86)\EMET 5.2\DevExpress.UserSkins.HighContrast.dll 2015-07-25 19:54 - 2015-02-25 08:15 - 01739952 _____ () m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe 2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2015-09-01 16:41 - 2015-09-01 16:41 - 01748494 _____ () M:\Program Files (x86)\ownCloud\owncloud.exe 2015-07-25 20:06 - 2015-01-10 14:45 - 01975808 _____ () M:\Program Files\Ditto\Ditto.exe 2014-09-23 00:48 - 2012-10-09 23:32 - 00015360 _____ () C:\Program Files (x86)\VirtuaWin\modules\WinList.exe 2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2015-09-01 20:27 - 2015-09-01 20:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2015-09-01 20:27 - 2015-09-01 20:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll 2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL 2014-12-26 03:56 - 2014-11-25 20:09 - 00741888 _____ () M:\Program Files\HexChat\hexchat.exe 2014-12-26 03:56 - 2014-11-22 20:50 - 01394688 _____ () M:\Program Files\HexChat\cairo.dll 2014-12-26 03:56 - 2014-11-22 20:48 - 00076288 _____ () M:\Program Files\HexChat\zlib1.dll 2014-12-26 03:56 - 2014-11-22 20:48 - 00225280 _____ () M:\Program 
Files\HexChat\libpng16.dll 2014-12-26 03:56 - 2014-11-22 20:48 - 00682496 _____ () M:\Program Files\HexChat\fontconfig.dll 2014-12-26 03:56 - 2014-11-22 20:48 - 00028160 _____ () M:\Program Files\HexChat\iconv.dll 2014-12-26 03:56 - 2014-11-22 20:49 - 00613888 _____ () M:\Program Files\HexChat\pixman-1.dll 2014-12-26 03:56 - 2014-11-22 20:48 - 01502720 _____ () M:\Program Files\HexChat\libxml2.dll 2014-12-26 03:56 - 2014-11-22 20:50 - 00783360 _____ () M:\Program Files\HexChat\harfbuzz.dll 2014-12-26 03:56 - 2014-11-22 20:51 - 00056832 _____ () M:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll 2014-12-26 03:56 - 2014-11-22 20:50 - 00287744 _____ () M:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll 2014-12-26 03:56 - 2014-11-25 20:09 - 00014848 _____ () M:\Program Files\HexChat\plugins\hcfishlim.dll 2014-12-26 03:56 - 2014-11-25 20:09 - 00011264 _____ () M:\Program Files\HexChat\plugins\hcupd.dll 2015-08-02 15:29 - 2015-08-02 15:29 - 14844416 _____ () M:\Program Files (x86)\qBittorrent\qbittorrent.exe 2014-11-08 05:43 - 2014-11-08 05:43 - 00142336 _____ () M:\Program Files (x86)\Spaz\Spaz.exe 2015-05-14 23:53 - 2015-05-14 23:53 - 00104960 _____ () m:\Program Files (x86)\SABnzbd\SABnzbd.exe 2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll 2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll 2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll 2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll 2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll 2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-09-22 21:36 - 
2015-08-27 13:28 - 04089344 _____ () C:\Program Files\FossaMail\mozjs.dll 2014-09-22 21:36 - 2015-08-27 13:30 - 00219136 _____ () C:\Program Files\FossaMail\NSLDAP32V60.dll 2014-09-22 21:36 - 2015-08-27 13:30 - 00018944 _____ () C:\Program Files\FossaMail\NSLDAPPR32V60.dll 2013-09-30 12:45 - 2013-09-30 12:45 - 00172544 _____ () C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe 2015-09-25 23:19 - 2015-09-25 23:19 - 00050477 _____ () B:\Downloads\Defogger.exe 2015-07-08 22:56 - 2015-05-05 09:42 - 00098304 _____ () m:\Program Files (x86)\ClamWin\bin\clamscan.exe 2014-09-03 12:53 - 2014-09-03 12:53 - 00221184 _____ () m:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2014-09-03 12:41 - 2014-09-03 12:41 - 00050176 _____ () m:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2014-09-03 12:53 - 2014-09-03 12:53 - 00069632 _____ () m:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2014-09-03 12:56 - 2014-09-03 12:56 - 00742400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll 2014-09-03 12:48 - 2014-09-03 12:48 - 00038400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2015-07-30 08:09 - 2015-07-30 08:09 - 00246304 _____ () M:\Program Files (x86)\GlassWire\GeoIP.dll 2015-09-22 20:34 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll 2014-12-15 00:43 - 2005-02-08 18:23 - 00979005 _____ () M:\Program Files (x86)\ClamWin\bin\python23.dll 2014-12-15 00:43 - 2004-11-20 04:27 - 00069632 _____ () M:\Program Files (x86)\ClamWin\lib\win32api.pyd 2014-12-15 00:43 - 2004-10-11 21:21 - 00094208 _____ () M:\Program Files (x86)\ClamWin\lib\pywintypes23.dll 2014-12-15 00:43 - 2004-05-25 22:18 - 00057401 _____ () M:\Program Files (x86)\ClamWin\lib\_sre.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00086016 _____ () M:\Program Files (x86)\ClamWin\lib\win32gui.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32event.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00036864 _____ () 
M:\Program Files (x86)\ClamWin\lib\win32process.pyd 2014-12-15 00:43 - 2004-05-25 22:18 - 00049212 _____ () M:\Program Files (x86)\ClamWin\lib\_socket.pyd 2014-12-15 00:43 - 2004-05-25 22:18 - 00495616 _____ () M:\Program Files (x86)\ClamWin\lib\_ssl.pyd 2014-12-15 00:43 - 2004-05-25 22:20 - 00036864 _____ () M:\Program Files (x86)\ClamWin\lib\_winreg.pyd 2014-12-15 00:43 - 2004-10-11 21:22 - 00315392 _____ () M:\Program Files (x86)\ClamWin\lib\pythoncom23.dll 2014-12-15 00:43 - 2004-11-20 04:27 - 00106496 _____ () M:\Program Files (x86)\ClamWin\lib\shell.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00065536 _____ () M:\Program Files (x86)\ClamWin\lib\win32security.pyd 2014-12-15 00:43 - 2004-01-15 15:45 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\_ctypes.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00077824 _____ () M:\Program Files (x86)\ClamWin\lib\win32file.pyd 2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32pipe.pyd 2014-12-15 00:43 - 2003-10-01 14:40 - 02240512 _____ () M:\Program Files (x86)\ClamWin\lib\wxc.pyd 2014-12-15 00:43 - 2003-10-01 12:43 - 03239936 _____ () M:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll 2014-12-15 00:43 - 2003-08-10 10:14 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd 2014-12-15 00:43 - 2004-05-25 22:17 - 00622651 _____ () M:\Program Files (x86)\ClamWin\lib\_bsddb.pyd 2014-12-15 00:43 - 2004-05-25 22:19 - 00045117 _____ () M:\Program Files (x86)\ClamWin\lib\datetime.pyd 2015-09-01 16:41 - 2015-09-01 16:41 - 00670222 _____ () M:\Program Files (x86)\ownCloud\libocsync.dll 2015-09-01 16:41 - 2015-09-01 16:41 - 00971278 _____ () M:\Program Files (x86)\ownCloud\libowncloudsync.dll 2015-08-06 09:59 - 2015-08-06 09:59 - 00097326 _____ () M:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll 2015-08-06 09:59 - 2015-08-06 09:59 - 00922727 _____ () M:\Program Files (x86)\ownCloud\libstdc++-6.dll 2015-08-06 17:48 - 2015-08-06 17:48 - 00051095 _____ () M:\Program Files 
(x86)\ownCloud\libqt5keychain.dll 2015-08-06 09:10 - 2015-08-06 09:10 - 00085548 _____ () M:\Program Files (x86)\ownCloud\zlib1.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 02197765 _____ () M:\Program Files (x86)\ownCloud\icui18n53.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 01308778 _____ () M:\Program Files (x86)\ownCloud\icuuc53.dll 2015-08-06 09:11 - 2015-08-06 09:11 - 00148117 _____ () M:\Program Files (x86)\ownCloud\libpcre16-0.dll 2015-08-06 09:16 - 2015-08-06 09:16 - 01366986 _____ () M:\Program Files (x86)\ownCloud\libGLESv2.dll 2015-08-06 09:14 - 2015-08-06 09:14 - 00209711 _____ () M:\Program Files (x86)\ownCloud\libpng16-16.dll 2015-08-06 09:21 - 2015-08-06 09:21 - 21539975 _____ () M:\Program Files (x86)\ownCloud\icudata53.dll 2015-08-06 09:16 - 2015-08-06 09:16 - 00154982 _____ () M:\Program Files (x86)\ownCloud\libEGL.dll 2015-08-06 09:14 - 2015-08-06 09:14 - 00350662 _____ () M:\Program Files (x86)\ownCloud\libjpeg-8.dll 2015-08-06 09:17 - 2015-08-06 09:17 - 00689339 _____ () M:\Program Files (x86)\ownCloud\libsqlite3-0.dll 2015-08-06 11:35 - 2015-08-06 11:35 - 00247540 _____ () M:\Program Files (x86)\ownCloud\libwebp-4.dll 2015-08-06 09:26 - 2015-08-06 09:26 - 01169416 _____ () M:\Program Files (x86)\ownCloud\libxml2-2.dll 2015-08-06 11:38 - 2015-08-06 11:38 - 00231727 _____ () M:\Program Files (x86)\ownCloud\libxslt-1.dll 2015-09-25 17:12 - 2015-09-25 17:12 - 00071168 _____ () b:\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6hljue.dll 2015-07-25 19:37 - 2015-08-05 07:26 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-07-25 19:37 - 2015-08-05 07:26 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-25 19:37 - 2015-08-05 07:26 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-07-25 19:37 - 2015-08-05 07:26 - 00012288 _____ () C:\Program Files 
(x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00036878 _____ () M:\Program Files (x86)\Pidgin\libssp-0.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00671031 _____ () M:\Program Files (x86)\Pidgin\exchndl.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00904525 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00100352 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00279059 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00553382 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00216992 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 01274655 _____ () M:\Program Files (x86)\Pidgin\libxml2-2.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00177586 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00475580 _____ () M:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021075 _____ () M:\Program Files (x86)\Pidgin\plugins\.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00020997 _____ () M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00013253 _____ () M:\Program Files (x86)\Pidgin\plugins\buddynote.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00024924 _____ () M:\Program Files (x86)\Pidgin\plugins\convcolors.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015702 _____ () M:\Program Files (x86)\Pidgin\plugins\extplacement.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00014147 _____ () M:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018882 _____ () M:\Program Files 
(x86)\Pidgin\plugins\history.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00012865 _____ () M:\Program Files (x86)\Pidgin\plugins\iconaway.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00019043 _____ () M:\Program Files (x86)\Pidgin\plugins\idle.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018555 _____ () M:\Program Files (x86)\Pidgin\plugins\joinpart.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015074 _____ () M:\Program Files (x86)\Pidgin\plugins\libaim.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00311021 _____ () M:\Program Files (x86)\Pidgin\liboscar.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00092398 _____ () M:\Program Files (x86)\Pidgin\plugins\libbonjour.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00328186 _____ () M:\Program Files (x86)\Pidgin\plugins\libgg.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00016005 _____ () M:\Program Files (x86)\Pidgin\plugins\libicq.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00107365 _____ () M:\Program Files (x86)\Pidgin\plugins\libirc.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00190464 _____ () M:\Program Files (x86)\Pidgin\libsasl.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00374169 _____ () M:\Program Files (x86)\Pidgin\plugins\libmsn.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00150598 _____ () M:\Program Files (x86)\Pidgin\plugins\libmxit.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00106671 _____ () M:\Program Files (x86)\Pidgin\plugins\libmyspace.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00123540 _____ () M:\Program Files (x86)\Pidgin\plugins\libnovell.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00116071 _____ () M:\Program Files (x86)\Pidgin\plugins\libsametime.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00152852 _____ () M:\Program Files (x86)\Pidgin\libmeanwhile-1.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00171123 _____ () M:\Program Files (x86)\Pidgin\plugins\libsilc.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 02097721 _____ () M:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00818985 _____ () M:\Program 
Files (x86)\Pidgin\libsilcclient-1-1-3.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00055880 _____ () M:\Program Files (x86)\Pidgin\plugins\libsimple.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00486400 _____ () M:\Program Files (x86)\Pidgin\sqlite3.dll 2014-11-05 20:34 - 2014-11-05 20:34 - 00062090 _____ () M:\Program Files (x86)\Pidgin\plugins\libsteam-1.4.dll 2014-11-05 20:57 - 2014-11-05 20:57 - 00278906 _____ () M:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021337 _____ () M:\Program Files (x86)\Pidgin\plugins\libxmpp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00417758 _____ () M:\Program Files (x86)\Pidgin\libjabber.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00022832 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoo.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00236666 _____ () M:\Program Files (x86)\Pidgin\libymsg.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00019793 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00047934 _____ () M:\Program Files (x86)\Pidgin\plugins\log_reader.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00021795 _____ () M:\Program Files (x86)\Pidgin\plugins\markerline.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00013456 _____ () M:\Program Files (x86)\Pidgin\plugins\newline.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029225 _____ () M:\Program Files (x86)\Pidgin\plugins\notify.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00017023 _____ () M:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll 2012-09-09 15:17 - 2012-09-09 15:17 - 00472576 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029256 _____ () M:\Program Files (x86)\Pidgin\plugins\pidginrc.dll 2011-01-12 22:11 - 2011-01-12 22:11 - 00084816 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin_gpg.dll 2014-09-03 13:29 - 2014-09-03 13:29 - 00249344 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpgme-11.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 
00015380 _____ () M:\Program Files (x86)\Pidgin\plugins\psychic.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015429 _____ () M:\Program Files (x86)\Pidgin\plugins\relnot.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015045 _____ () M:\Program Files (x86)\Pidgin\plugins\sendbutton.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00069625 _____ () M:\Program Files (x86)\Pidgin\plugins\spellchk.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00031993 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00012004 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00015978 _____ () M:\Program Files (x86)\Pidgin\plugins\statenotify.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00030353 _____ () M:\Program Files (x86)\Pidgin\plugins\themeedit.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00032020 _____ () M:\Program Files (x86)\Pidgin\plugins\ticker.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00018399 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00023851 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00029791 _____ () M:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00030771 _____ () M:\Program Files (x86)\Pidgin\plugins\winprefs.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00037191 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll 2014-11-23 19:34 - 2014-11-23 19:34 - 00044494 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102400 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00115712 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00140288 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files 
(x86)\Pidgin\sasl2\saslLOGIN.dll 2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll 2014-09-22 21:42 - 2014-09-22 21:42 - 00090496 _____ () M:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2015-09-25 19:59 - 2015-09-25 19:59 - 04887224 _____ () C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll 2015-05-14 23:53 - 2015-05-14 23:53 - 00053248 _____ () m:\Program Files (x86)\SABnzbd\lib\_socket.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00671744 _____ () m:\Program Files (x86)\SABnzbd\lib\_ssl.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00294912 _____ () m:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00102400 _____ () m:\Program Files (x86)\SABnzbd\lib\win32api.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00118784 _____ () m:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll 2015-05-14 23:53 - 2015-05-14 23:53 - 00013824 _____ () m:\Program Files (x86)\SABnzbd\lib\win32event.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00036864 _____ () m:\Program Files (x86)\SABnzbd\lib\win32service.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00057344 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00007168 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00037888 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00086016 _____ () m:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00049152 _____ () m:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00546205 _____ () m:\Program Files (x86)\SABnzbd\lib\sqlite3.dll 2015-05-14 23:53 - 2015-05-14 23:53 - 00008192 _____ () m:\Program Files (x86)\SABnzbd\lib\select.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00009728 _____ () m:\Program Files (x86)\SABnzbd\lib\_yenc.pyd 2015-05-14 23:53 - 
2015-05-14 23:53 - 00012288 _____ () m:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00135168 _____ () m:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00040960 _____ () m:\Program Files (x86)\SABnzbd\lib\win32process.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00110592 _____ () m:\Program Files (x86)\SABnzbd\lib\win32file.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00014848 _____ () m:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00024576 _____ () m:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00019968 _____ () m:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00155648 _____ () m:\Program Files (x86)\SABnzbd\lib\win32gui.pyd 2015-05-14 23:53 - 2015-05-14 23:53 - 00176128 _____ () m:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd 2015-09-25 22:29 - 2015-09-21 22:01 - 00778240 _____ () m:\games\Steam\SDL2.dll 2015-07-05 13:05 - 2015-07-03 18:12 - 04962816 _____ () m:\games\Steam\v8.dll 2015-09-25 22:29 - 2015-09-25 01:36 - 02422464 _____ () m:\games\Steam\video.dll 2015-07-05 13:05 - 2015-07-03 18:12 - 01556992 _____ () m:\games\Steam\icui18n.dll 2015-07-05 13:05 - 2015-07-03 18:12 - 01187840 _____ () m:\games\Steam\icuuc.dll 2015-09-25 22:29 - 2015-09-24 02:33 - 02549248 _____ () m:\games\Steam\libavcodec-56.dll 2015-09-25 22:29 - 2015-09-24 02:33 - 00491008 _____ () m:\games\Steam\libavformat-56.dll 2015-09-25 22:29 - 2015-09-24 02:33 - 00332800 _____ () m:\games\Steam\libavresample-2.dll 2015-09-25 22:29 - 2015-09-24 02:33 - 00442880 _____ () m:\games\Steam\libavutil-54.dll 2015-09-25 22:29 - 2015-09-24 02:33 - 00485888 _____ () m:\games\Steam\libswscale-3.dll 2015-09-25 22:29 - 2015-09-25 01:36 - 00704192 _____ () M:\Games\Steam\bin\chromehtml.DLL 2015-09-25 22:29 - 2015-09-14 22:20 - 00193536 _____ () m:\games\Steam\bin\openvr_api.dll 2015-09-25 22:29 - 
2015-09-24 02:33 - 44931464 _____ () M:\Games\Steam\bin\libcef.dll
2015-09-25 22:29 - 2015-09-25 01:56 - 00119208 _____ () m:\games\Steam\winh264.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{93A9D61A-C2CC-45FF-9736-23793DA77273}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{EA127691-ADB9-4F0B-B0FD-AB5EB632C67B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{8F4D2F0C-BD4C-4B4D-90B3-77B222762829}] => (Allow) M:\Games\Steam\Steam.exe FirewallRules: [{4E343A9F-EC5D-4F7A-8CF1-A750E276C07E}] => (Allow) M:\Games\Steam\Steam.exe FirewallRules: [{03902AB5-B25F-45BB-8C16-90E425BC2AC2}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{CC3563A8-7E9C-4CAF-8936-7B50032964E1}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{D93BFC92-376E-42BD-A029-95D881FE2B20}] => (Block) M:\Games\Among The Sleep\Among the Sleep.exe FirewallRules: [TCP Query User{CAE86FAE-9634-437F-958D-172A40D9404E}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe FirewallRules: [UDP Query User{FE4563EA-3D80-47A8-9586-E5C4EC0C6091}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe FirewallRules: [TCP Query User{0CB8D9BD-342F-4B68-BD34-EB0E126ABF8A}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe FirewallRules: [UDP Query User{6F261233-0EAF-4602-921B-0E348756F6B6}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe FirewallRules: [{719F55C5-3B05-428D-96A8-5B992A9FA14D}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe FirewallRules: [{5F409192-87EA-4082-9F85-245A307D55F7}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe FirewallRules: [{D5ACBDDB-67C1-49A2-8DD2-A912B57697E6}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{B93FC633-5D81-4906-B52D-992178B5A689}] => (Allow) 
M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe FirewallRules: [{5750AFC2-4E6C-44ED-8940-A0FB8632D288}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe FirewallRules: [{A966AA43-3589-4B86-9F65-D76F57E936D3}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe FirewallRules: [{E8CB60F1-2C74-461C-BC20-8C3CF692EAEB}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe FirewallRules: [{5CE349E4-8246-4224-8DBB-20676A117AA4}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe FirewallRules: [{0E5E3A5F-1470-43D5-8183-A413609E76F6}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{B05D355A-5BDF-4A17-9416-D4F8509096BF}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe FirewallRules: [{1DC7625F-FFD6-4C6A-81C4-10DF996F4983}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{FDCB3062-A859-4F1F-B8C2-D1C7B61DD02E}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe FirewallRules: [{24B729FF-C01B-4FFA-B936-F6B312CA1E54}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [{B9E06E7D-CBBE-4B5A-AF0C-64C519220453}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe FirewallRules: [TCP Query User{AE566132-E296-40EC-B222-BA8946B8B0BA}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe FirewallRules: [UDP Query User{57B759ED-0472-4B12-905F-FD888F0BC24F}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) 
C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe FirewallRules: [{D9FD30EB-C8EE-4679-8631-82DA268DCDD1}] => (Block) M:\Games\WATCH_DOGS\bin\watch_dogs.exe FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe FirewallRules: [TCP Query User{E04BA44D-E370-4EAA-9F3E-E484073EC533}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe FirewallRules: [UDP Query User{B3FA4B4F-5058-4652-9ECF-7A45B1ED2283}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe FirewallRules: [{187BB2E4-41B5-4F8C-BA26-B6F5187611FB}] => (Block) M:\Games\Trials Fusion\datapack\trials_fusion.exe FirewallRules: [{DF7EBA93-CD1B-41F7-9817-2711459CC6BE}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{CC547B3F-96A2-4889-8F80-E2B1E7761801}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe FirewallRules: [{1572EA49-ADE2-4C38-B281-79ADA014E6BA}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe FirewallRules: [{DD90AC4E-1894-4727-9669-3A2599B31227}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe FirewallRules: [{C58F9CFE-6A73-4F16-BF2C-42100D2E24A9}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe FirewallRules: [{CE0A13B8-58DC-4E41-A17F-60BEC59C6D5C}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe FirewallRules: [{6467AF19-0EE0-449E-8267-AE1CD9FE6C86}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{5E71C38C-12C2-4525-8368-140E9B0651AD}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: 
[{0553671B-D681-465E-8217-729E0B9F5C08}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{7355E8BA-3A49-4D2A-A914-EDDCD09092C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{FE8477E1-BFB5-453B-863E-18C87C49DCBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{92253110-3C21-46F0-8956-04F4818BB5D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{9AEE164A-094B-4D25-8C64-9B7312BF8F71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{91376A69-DDA3-4AFD-B0D3-9FC1FB13118A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{F3706D39-519D-4DC5-A6F0-03ED0353321D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{6A291437-DBEF-41BF-82FA-20FE0F40FFD5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{596DE404-29BE-48C7-8E0C-6F13A916F82E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{DDB25983-DA26-4F5D-B66A-E761589812EF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{8B657919-489F-4601-A7FA-A2C6882D5FBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{2E8EAB9A-4AE2-4749-98B3-F4738A3DCF8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{5F93B048-8BE3-42D9-8C18-95860B649000}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{3AC94CCE-9D93-4B37-AF99-D3B91E6C41E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{03888570-F02F-4B35-9B7A-7F824E874BC6}] => (Allow) C:\Program 
Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{29F927E9-7C77-418E-AE49-6C49E7AB9938}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{F6A58D82-03B3-42D4-8572-307AB1778ADF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe FirewallRules: [{D6BE42DA-F290-428D-8B53-B4D9A123D3A6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe FirewallRules: [{0DA83BAE-4CA8-48BB-994E-C5734FCD17BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe FirewallRules: [{22500A13-0509-46B6-A1EA-DD384F13EFFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe FirewallRules: [{A4C092C3-FD50-4497-9B03-2B986FD0610A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe FirewallRules: [{89B65D33-CB91-48E4-BB0F-7196148D003A}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe FirewallRules: [{225FCD44-2F72-459E-A061-61C61B6BFB96}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe FirewallRules: [{031901DB-691B-4225-AAEB-3B3012E0944B}] => (Block) M:\Games\Dead Rising 3\deadrising3.exe FirewallRules: [{2FAA661B-FFE6-4E30-A795-45F4AFB1B5A3}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe FirewallRules: [{A44800DD-9F6E-423E-A920-F28BF6394155}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe FirewallRules: [{41A10A08-83DA-4902-AF3C-DFC140F9C2C1}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe FirewallRules: [{548FF84B-1FD0-4B4B-B59F-6C4480ADA871}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe FirewallRules: [TCP Query User{0B0F6C9B-A509-4A31-BDD0-DA090D38544A}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{D0F9293A-D5F9-4176-942A-14B0EE6FEFE2}M:\program files\bitcoin\bitcoin-qt.exe] => 
(Allow) M:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{BA7F7F90-0A5D-4836-886C-7945BF025249}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe FirewallRules: [UDP Query User{593D609D-BB99-4C92-ACFA-2242B473087F}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe FirewallRules: [TCP Query User{353B3934-877C-444F-BB0F-05353D29F238}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe FirewallRules: [UDP Query User{9E489310-FB55-422F-B256-C07A6B3464B9}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe FirewallRules: [{7C448746-1ABA-4171-92D1-B3C1AEE15EBB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe FirewallRules: [{52BA6252-B166-4F45-A26E-C3B5AABBDBEE}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe FirewallRules: [{3DCF4608-5EAA-49A7-A339-352A5D3088B8}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{CDFD4323-40AF-4BAB-88A1-98CD9DACA9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{741DCFA0-D75A-4400-9429-AB0E47BA78AB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{C033527A-5BEA-412A-91A3-A7B812159165}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{6D6FD5E4-BEEB-4E3C-8ED6-EC25A7FA8D90}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe FirewallRules: [{424FC9EB-D860-43BC-9F4C-CA7DF1D47A1F}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe FirewallRules: [TCP Query User{A007A484-31C1-423A-9741-EF0F102E0A04}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe FirewallRules: [UDP Query User{F8D760CE-F07C-4D75-A223-7D3030BA4191}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program 
files (x86)\dbox_ifa\dbox_ifa.exe FirewallRules: [TCP Query User{B3D764C2-6B42-4AE0-BB14-E57855C49C81}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe FirewallRules: [UDP Query User{2208B81E-9862-45CE-BF00-E06B06FE42FC}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe FirewallRules: [TCP Query User{B118B254-1E4A-45DB-8896-42FE882592CE}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [UDP Query User{3E3D3325-65CD-4204-9FB0-7A6BC89025CD}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [{37A7B427-CA8B-436B-948B-201604E87AD3}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{F0EB2202-4591-410F-BEF5-EACB99F653BB}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe FirewallRules: [{77B53A83-3F0C-4BE1-9B34-3942C55AEFF3}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{567CA49D-EF01-4354-A9C0-A94A8C3DEB04}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{22489C17-4A10-47E6-9DDB-40A465130AB7}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{6F3316D0-397D-4AF4-94B5-146DCED31F04}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{6E18E2EC-EB19-434D-A845-71DF8B3A0254}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{635EC92B-D555-4026-B744-280CFA96E10B}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{BE9DB318-4890-4372-856E-41EC1D7EECD2}] => (Allow) M:\Games\Blur(TM)\Blur.exe FirewallRules: [{EA2E5CD4-23B2-4AF6-B156-3A573CAAED7D}] => (Allow) M:\Games\Blur(TM)\Blur.exe FirewallRules: [{C5E3C8F5-A371-4923-9449-8092826FED5A}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe 
FirewallRules: [{49E3C0FF-AD6A-4AEC-93B4-2B7E1BC9C30C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe FirewallRules: [{2D8BE52D-6E74-41E7-8588-8C529C454005}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{1DB302D7-6BF1-4DA4-BB7A-C8CF7C4BCAA2}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{EF65FD05-429F-486A-BE80-CAA534F858BB}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Launcher.exe FirewallRules: [{70DC3DBF-8E54-4852-AF6B-CA74585DDA34}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win32\AstronautsGame-Win32-Shipping.exe FirewallRules: [{3CFBC750-DEBE-4991-B4F7-98EC7E5E110A}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win64\AstronautsGame-Win64-Shipping.exe FirewallRules: [TCP Query User{DA619417-710D-4B45-AD6E-517A45D28327}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{9462B7D4-F5FB-489A-8C57-2D9CB066A4D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{B34AA0A5-85B1-418F-A075-CD9E6F6D16BD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe FirewallRules: [UDP Query User{605315F6-8373-4389-BF68-C5A8EEF0AEAD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe FirewallRules: [{AB1A890A-2AC5-4123-B154-4EF5B2AEB26B}] => (Block) M:\Games\Far Cry 4\bin\FarCry4.exe FirewallRules: [{2E47CA85-99A9-4F88-B23A-8E12B8997BFF}] => (Block) M:\Games\Far Cry 4\bin\IGE_WPF64.exe FirewallRules: [{3089E656-5C03-4363-83C3-E7FA683A8F51}] => (Block) M:\Games\Assassin's Creed Unity\ACU.exe FirewallRules: [{BDBF07E9-5DB8-4F48-BB53-58A9F7A6DFEA}] => (Block) M:\Games\Call of Duty - Advanced Warfare\s1_sp64_ship.exe FirewallRules: [TCP Query User{248ED716-F16E-44DB-9AD4-B058324DE469}M:\program files 
(x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe FirewallRules: [UDP Query User{481E01E6-2DCF-4B07-B4F0-CFE2A9B94A35}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe FirewallRules: [{994A1CE8-2287-416F-B04B-1AE713189E34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4F951DC3-AE7F-4752-9A28-D7FE188CFE72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A2657D70-93EE-4889-ADED-399F97137134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AFC3D7CC-6E4A-43DA-9CD5-F84CF71A4AEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{14BB8CD7-7D9B-4692-96EF-3424D851621F}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{8697AC22-942A-473D-91DC-2927AF54E181}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{49A9219E-D6A1-4331-959A-F8225D224646}] => (Block) M:\Games\Emergency 5\bin\x64r\emergency5.exe FirewallRules: [{24D0EDF5-3D35-4BC6-A11C-0EA80F5B15C5}] => (Block) M:\Games\Emergency 5\bin\em5_launcher.exe FirewallRules: [{3A5CE854-47D2-478F-A416-2A0D75D807A8}] => (Block) M:\Games\Pro Evolution Soccer 2015\PES2015.exe FirewallRules: [{364E73A1-3F3A-48D2-BFC3-9EAA3BA8FCB7}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{7D9BDA86-4F5F-4A0D-BC52-43FB70631D9C}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe FirewallRules: [{434C59DE-4EF6-421C-A076-377BA4555A78}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: [{BD9A86DE-A41C-4D3C-8938-625D38B4AA2B}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: 
[{5BC67C73-3F89-4144-88DE-851A05C5A7F5}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe FirewallRules: [{E22BDA91-8BE1-4B58-ABE2-312B69F5F92E}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe FirewallRules: [{91417446-187E-4267-B32C-C059EF295953}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{6C4A73F7-42B8-4145-9570-5CD92BE6B74E}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{0F0C0F0D-5AB2-469B-8068-5E8BC056651D}] => (Block) M:\Games\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe FirewallRules: [{AC9B1FCB-C8C2-4E45-B77E-E3B2D57AC311}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe FirewallRules: [{7AC59EA4-65D8-43BE-ACBA-2E57801BD21D}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe FirewallRules: [{BFBC1A6D-9314-4E9E-9673-FF0FB1F1384A}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{9C5C78ED-A765-454B-9FAB-3F93D91B9B86}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{5D9C1722-FBDD-4C74-87C0-A94AB690A075}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe FirewallRules: [{F44B4D68-2890-4DB1-BBE8-018CD747B1BE}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe FirewallRules: [TCP Query User{BFB0493B-F9B2-4DEC-BAE3-C685C9019F0F}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [UDP Query User{BFA826F7-C0C0-4238-997C-2FB753CE6FB2}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [{35D61A5D-9977-4F07-9CC3-30B4FA52B1D0}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe FirewallRules: [{A9E99EF8-F7EA-42C4-8425-4180640D9C7B}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe 
FirewallRules: [{B579E7C8-7067-4018-94B5-53DFFC0F86AC}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe FirewallRules: [{714671A4-D83E-4843-8200-5EF35EEB6071}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe FirewallRules: [{8C9DED58-3E6C-4F1E-89E2-2B6CC8869C08}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe FirewallRules: [{70C6E6DF-16D1-4397-A00A-FD7FC9D5837B}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe FirewallRules: [TCP Query User{B1294E6B-9A5F-4016-8B09-AB4DB9317ED8}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe FirewallRules: [UDP Query User{62B71617-8077-4ACC-BAE7-84C9B01C11DB}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe FirewallRules: [{4B7EECCA-3EA2-406D-A351-ACECAA053534}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe FirewallRules: [{344ABB5D-B36B-4A47-AAF5-7ADD539C9819}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe FirewallRules: [{A1230E38-BC6B-4423-884E-7C04AC6EAC4D}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe FirewallRules: [{6137CAEF-525D-477E-B6F0-AE8653E9B9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe FirewallRules: [{552F8607-4925-48F5-BE29-AA29716535CD}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe FirewallRules: [{F0AF273C-F0D8-49B6-B5D0-140BAB3C20C8}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe FirewallRules: [TCP Query User{129DA68C-10D5-4A54-AF78-FE14626F89FA}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{C96FEB0A-D1EC-4E8A-9D67-A9B88FFBCCE4}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin FirewallRules: 
[{90635068-74C0-4A5E-89D7-A1002938EC7F}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{DBFC02B6-D19F-4687-9775-9FC9C684EFFC}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [TCP Query User{86E9F973-34FA-45FC-B29F-10D355AC9A51}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe FirewallRules: [UDP Query User{5071F1DA-BC94-4605-8817-969D0BFD4F8C}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe FirewallRules: [{BBD735BF-2935-41CE-803D-F951C13DF71B}] => (Allow) M:\Program Files\Vuze\Azureus.exe FirewallRules: [{182E01A8-6389-4022-90B0-F77DAD0D3A2D}] => (Allow) M:\Program Files\Vuze\Azureus.exe FirewallRules: [{96093A0B-AE70-4943-BBA1-A1C943E10B1D}] => (Block) M:\Games\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe FirewallRules: [{C697EC6B-941F-4972-80A4-20BF80ADE92D}] => (Allow) M:\Program Files\Synergy\synergys.exe FirewallRules: [{ED48CF50-3137-4FA0-AAA6-5129EBDE836B}] => (Block) F:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{AEB39B74-EA27-4022-9E46-5AF81D6A6A40}] => (Block) F:\Games\Dragon Age Inquisition\Launcher.exe FirewallRules: [{5E27A642-B227-4D97-BF24-FB6531F7428A}] => (Block) F:\Games\Trials Fusion - Fire in the Deep\datapack\trials_fusion.exe FirewallRules: [{06AECA0B-4B68-4A6C-BD7D-793672D2CFDB}] => (Block) F:\Games\3DMGAME-OMSI.2.Cracked-3DM\OMSI 2\Omsi.exe FirewallRules: [{1F3E9DB3-03E8-4A19-9C64-9B1CC5CFCA35}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{D39DA46A-34CE-4CDC-91E3-B23FCBB3CCF7}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [TCP Query User{9D01AC1A-8587-4434-9378-0AE4F03A5597}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe FirewallRules: [UDP Query 
User{5B6510ED-491C-4992-890F-2AFEF91BA430}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe FirewallRules: [TCP Query User{79003072-7204-4FD4-A113-F26A93E6666F}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe FirewallRules: [UDP Query User{79209835-BB21-48E2-88D3-2B4BBC0F3C7D}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe FirewallRules: [TCP Query User{4808077D-D942-4D3B-B786-201B96987BC5}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe FirewallRules: [UDP Query User{72C89448-729D-4574-8CDD-2D154030E0D6}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe FirewallRules: [{A8D44089-9785-43A4-9DC7-D27C5A79DC31}] => (Block) F:\Gamez\BroForce.v2014.10.07.Build.2598.Steam.Workshop.Update-TPTB\TPTB-BROF\TPTB-BROF\Broforce October Update\BROFORCE_Beta.exe FirewallRules: [{736CB91D-01D2-46D3-B0A2-D3BE74141EE2}] => (Block) F:\Games\Dying Light\DyingLightGame.exe FirewallRules: [{CD88DD7D-65A1-49CD-A9A4-885A38FDEA8A}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe FirewallRules: [{AC11F986-70E8-4B52-AA75-40BE1BBF4EB7}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe FirewallRules: [TCP Query User{6F45770F-CC60-4B45-B987-6FFF5BCAC5C2}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{C53BE3F0-1538-42CF-920E-70BC0FE9F2F0}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{0E43AE6C-F566-441F-96DD-B2EC395A4B74}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{BEF016FB-4A83-428F-AE38-F4CC47A8E977}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe FirewallRules: [{3ACC59E7-64E4-48BD-95DB-CEC3493EAD56}] => (Allow) 
LPort=5031 FirewallRules: [{985DEDCD-8156-49C2-A98C-0F5D568955C3}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP FirewallRules: [{3C8DF17D-7E92-4FE4-A012-90F339DBA74A}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP FirewallRules: [{9E35948F-1B11-4193-99FF-008033B75385}] => (Block) F:\Games\Battle vs. Chess\battlevschess.exe FirewallRules: [{B35AEF73-DAB2-40F1-A36A-74686E90E011}] => (Block) F:\Games\Battle vs. Chess\Activation.exe FirewallRules: [TCP Query User{2FDE19C3-BD20-4A2C-ADD7-176EB09056F0}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe FirewallRules: [UDP Query User{558AA483-C8E2-4E0A-A7C7-B4188F6801BE}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe FirewallRules: [TCP Query User{B37A88D8-AE18-4F67-A0D5-C8370A3CDEB1}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe FirewallRules: [UDP Query User{696A7DD7-A729-4D59-A679-13A94CEEF629}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe FirewallRules: [TCP Query User{05D25445-45D5-47B0-BDFC-D38C1618EDCE}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe FirewallRules: [UDP Query User{D6A37DB2-C5DD-41AA-A8F4-3624A8892794}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe FirewallRules: [{5D731F2D-E351-4A43-A2E5-E19D15A83FD8}] => (Block) F:\Gamez\The.Talos.Principle.Build.220996.Incl.DLC-TPTB\TPTB-TLOS\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{D60796AB-0E37-4B2C-BCD2-3A0135FCC88B}] => (Block) F:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe FirewallRules: [{D1065750-03A4-4CE8-B5CD-6AD7E9CE0A2E}] => (Block) F:\Games\Oddworld - New 'n' Tasty\NNT.exe FirewallRules: [TCP Query User{A7A7E28E-8338-4353-AC74-0E7D2A7EA058}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe FirewallRules: [UDP Query 
User{6C3779EB-AFD3-414E-ACB7-B3BEEBEC2CEB}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe FirewallRules: [{B4577D29-771C-48CD-A1E7-65339FE68945}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [{4DB29EAC-77E7-41EC-99EB-570E5597E310}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [TCP Query User{A965A841-AE03-42FC-9F36-9BE27DA91E59}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe FirewallRules: [UDP Query User{573A76E3-7DF7-4FAD-AEF0-67FDE6452099}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe FirewallRules: [{34C111C1-EBAA-4987-AFD8-83EE4B0D0FD4}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{DB2F5B50-E8F4-451C-B246-84561FAD53DA}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [TCP Query User{C70BBCDA-5126-4E1B-82C1-0A34064B2DEF}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [UDP Query User{65D6FCA4-7447-4B0C-A805-F48B13CE81D4}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe FirewallRules: [{39BD05E6-034C-414E-8492-9A78F82FADD4}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe FirewallRules: [{7E24D3D2-C045-43AA-8468-940A1423E5A1}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe FirewallRules: [{A91A2A3D-69FE-478D-95DF-8E13C0A6F3BD}] => (Block) F:\Games\Pillars of Eternity\PillarsOfEternity.exe FirewallRules: [{B08B78C4-702C-402E-9342-9F7FF8D98A97}] => (Block) F:\Games\Trials Fusion - After the Incident\datapack\trials_fusion.exe FirewallRules: 
[{C76E1CA4-3F96-400F-A90A-87B12EF0417A}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\game.exe FirewallRules: [{2083F763-2AB4-4B67-9754-0D84DEF43F2C}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\startup_setting.exe FirewallRules: [{779CB0C0-93C8-40A1-9EA7-0227EF5E3309}] => (Block) F:\Games\Bloodsports TV\bloodsports.exe FirewallRules: [TCP Query User{9FE9ED83-9B64-4FD4-AEBF-67739A0E27C7}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{B14740C1-962F-4B73-BF1B-6F892C6013B2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{D44D9DE4-4333-493F-8612-D50976EFD424}] => (Block) F:\Games\Ori and the Blind Forest\ori.exe FirewallRules: [{CE062D04-75A1-4186-9F23-EC9A12CE7715}] => (Allow) M:\Program Files\Wippien\Wippien.exe FirewallRules: [{971FF926-DFC9-4AC2-B8D5-7AF50EA5AE63}] => (Allow) M:\Program Files\Wippien\Wippien.exe FirewallRules: [{AECBF9FB-0FBB-4E78-8616-D5E91EAD280E}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe FirewallRules: [{88E1287D-00D7-406A-96AB-5F593B01A404}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe FirewallRules: [{CF7C1938-2A8A-46EB-AC5A-FEEDC692EC91}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{16E625D0-D511-4E5D-BF1C-71F5DC0888FA}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{641D6791-3FBC-4D66-BA37-0828F7A3DF4C}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{5E3155A6-D119-408B-B5CE-544F0B9E908A}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: 
[{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query 
User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe 
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe FirewallRules: 
[{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe 
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) 
M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe FirewallRules: [UDP Query 
User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe FirewallRules: [{5D902F96-EAB9-4A65-9769-A0F8ADB3960B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{95A846A8-4CEE-4CEC-9A8A-F558B4D8C164}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3F06409E-24AE-476B-89CE-F0BC56BC21FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9B20C778-3D43-4464-9969-E45907517074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] 
=> (Block) M:\program files\vuze\azureus.exe FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] => (Block) F:\Games\Act of Aggression\unins000.exe FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) 
M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
Edited by CptMw (25.09.2015 at 23:18) |
26.09.2015, 02:30 | #3 |
| Win 8.1: Caught a Trojan
Code:
ATTFilter ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: WeOnlyDo Network Adapter 2.5 Description: WeOnlyDo Network Adapter 2.5 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: WeOnlyDo Network Provider Service: wod0205 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2015 10:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1daf8 Startzeit: 01d0f7d4adafc815 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: fbae144a-63c7-11e5-82bc-0015833d0a57 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/25/2015 10:55:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1d750 Startzeit: 01d0f7d480124ada Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: c47a2c9f-63c7-11e5-82bc-0015833d0a57 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/25/2015 10:55:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17b4 Startzeit: 01d0f7a4a6dd407e Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe Berichts-ID: aebf9672-63c7-11e5-82bc-0015833d0a57 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/25/2015 10:39:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Soma.exe, Version: 0.0.0.0, Zeitstempel: 0x55fff75a Name des fehlerhaften Moduls: fbxsdk-2012.2.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b Ausnahmecode: 0xc0000135 Fehleroffset: 0x00000000000ec4e0 ID des fehlerhaften Prozesses: 0x1b080 Startzeit der fehlerhaften Anwendung: 0xSoma.exe0 Pfad der fehlerhaften Anwendung: Soma.exe1 Pfad des fehlerhaften Moduls: Soma.exe2 Berichtskennung: Soma.exe3 Vollständiger Name des fehlerhaften Pakets: Soma.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Soma.exe5 Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (09/25/2015 10:05:43 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 
Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 System errors: ============= Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sound Blaster Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Creative Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error: (09/25/2015 04:55:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (09/25/2015 04:54:30 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. CodeIntegrity: =================================== Date: 2015-07-11 02:34:41.736 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-06-15 21:34:14.261 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-25 01:39:52.738 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-10 15:21:43.872 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-29 21:40:08.346 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-29 21:39:57.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-31 12:45:17.155 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-31 12:45:08.818 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-02 22:09:44.251 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-02 22:09:40.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 42%
Total physical RAM: 32716.61 MB
Available physical RAM: 18804.97 MB
Total Virtual: 36812.61 MB
Available Virtual: 22366.24 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.77 GB) exFAT
Drive c: () (Fixed) (Total:111.45 GB) (Free:32.57 GB) NTFS
Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:19.61 GB) NTFS
Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS
Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:54.21 GB) NTFS
Drive x: () (Fixed) (Total:1863.01 GB) (Free:40.71 GB) NTFS
Drive z: () (Fixed) (Total:270 GB) (Free:5.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-09-26 00:16:46 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB Running: okr3kyhy.exe; Driver: B:\TEMP\kglcypob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000248300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000248310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc 00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx 00007ffe094d1220 7 bytes JMP 00007ffec94c2578 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtect 00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile 00007ffe094d1780 7 bytes JMP 00007ffec94c24b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW 00007ffe094d17e0 5 bytes JMP 00007ffec94c03b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW 00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA 00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW 00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] 
C:\Windows\system32\KERNEL32.DLL!HeapCreate 00007ffe094d31a0 7 bytes JMP 00007ffec94c1078 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA 00007ffe094d4960 5 bytes JMP 00007ffec94c02f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA 00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessA 00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffe094d7b30 7 bytes JMP 00007ffec94c1378 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx 00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory 00007ffe09592250 7 bytes JMP 00007ffec94c1af8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary 00007ffe095acc70 5 bytes JMP 00007ffec94c0778 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WinExec 00007ffe095af840 5 bytes JMP 00007ffec94c1d38 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA 00007ffe095afff0 7 bytes JMP 00007ffec94c1438 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW 00007ffe095b0070 7 bytes JMP 00007ffec94c14f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread 00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8 .text C:\Program Files\Common 
Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx 00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc 00007ffe08fc1780 1 byte JMP 00007ffec94c0a78 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2 00007ffe08fc1782 4 bytes {JMP 0xffffffffc04ff2f8} .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx 00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtect 00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx 00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile 00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileW 00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW 00007ffe08fc7f70 7 bytes JMP 00007ffec94c2338 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW 00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe08fc8900 5 bytes JMP 00007ffec94c06b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 00007ffe08fc9330 5 
bytes JMP 00007ffec94c05f8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 00007ffe08fdfea0 5 bytes JMP 00007ffec94c18b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!HeapCreate 00007ffe08fe04e0 6 bytes JMP 00007ffec94c1138 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileA 00007ffe08fe05b0 5 bytes JMP 00007ffec94c1df8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 00007ffe08ff6d50 5 bytes JMP 00007ffec94c1bb8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp 00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8 .text C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx 00007ffe09020960 8 bytes JMP 00007ffec94c0b38 .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 125 00000000633cb41d 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 250 00000000633cb49a 4 bytes [98, E1, ED, 6F] .text ... * 5 .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 125 00000000633cb83d 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 266 00000000633cb8ca 4 bytes [98, E1, ED, 6F] .text ... 
* 5 .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 359 00000000633cbd57 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 679 00000000633cbe97 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 38 000000006344ab66 4 bytes [A4, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 48 000000006344ab70 4 bytes [A4, E1, ED, 6F] .text ... 
* 3 .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 40 000000006344b0a8 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 91 000000006344b0db 4 bytes [98, E1, ED, 6F] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 9 000000005ea71f95 4 bytes [20, B0, 3A, 00] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 130 000000005ea7200e 4 bytes [20, B0, 3A, 00] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10 000000005e8d1ce2 4 bytes [20, B0, 3A, 00] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160 000000005e8d1d78 4 bytes [20, B0, 3A, 00] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 11 000000005e7583ff 4 bytes [20, B0, 3A, 00] .text M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 412 000000005e758590 4 bytes [20, B0, 3A, 00] .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc 00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx 00007ffe094d1220 7 bytes JMP 00007ffec94c2578 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtect 00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8 .text C:\Program Files\Pale 
Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile 00007ffe094d1780 7 bytes JMP 00007ffec94c24b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW 00007ffe094d17e0 8 bytes JMP 00007ffec94c03b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW + 9 00007ffe094d17e9 3 bytes [CC, CC, CC] .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW 00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA 00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW 00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!HeapCreate 00007ffe094d31a0 7 bytes JMP 00007ffec94c1078 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA 00007ffe094d4960 10 bytes JMP 00007ffec94c02f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA 00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessA 00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessW 00007ffe094d7b30 7 bytes JMP 00007ffec94c1378 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx 00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory 00007ffe09592250 7 bytes JMP 00007ffec94c1af8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary 
00007ffe095acc70 10 bytes JMP 00007ffec94c0778 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WinExec 00007ffe095af840 10 bytes JMP 00007ffec94c1d38 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA 00007ffe095afff0 7 bytes JMP 00007ffec94c1438 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW 00007ffe095b0070 7 bytes JMP 00007ffec94c14f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread 00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx 00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc 00007ffe08fc1780 1 byte JMP 00007ffec94c0a78 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2 00007ffe08fc1782 6 bytes {JMP 0xffffffffc04ff2f8} .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx 00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtect 00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx 00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile 00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileW 00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW 00007ffe08fc7f70 7 bytes JMP 
00007ffec94c2338 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW 00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffe08fc8900 10 bytes JMP 00007ffec94c06b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA 00007ffe08fc9330 10 bytes JMP 00007ffec94c05f8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 00007ffe08fdfea0 8 bytes JMP 00007ffec94c18b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!HeapCreate 00007ffe08fe04e0 13 bytes JMP 00007ffec94c1138 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileA 00007ffe08fe05b0 10 bytes JMP 00007ffec94c1df8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 00007ffe08ff6d50 10 bytes JMP 00007ffec94c1bb8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp 00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8 .text C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx 00007ffe09020960 8 bytes JMP 00007ffec94c0b38 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffe08fc14c0 5 bytes JMP 00007fff08fb0914 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime 00007ffe08fc1630 3 bytes JMP 00007fff08fb0d53 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime + 4 00007ffe08fc1634 1 byte [FF] .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteFile 
00007ffe08fc1c50 5 bytes JMP 00007fff08fb0995 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!UnmapViewOfFile 00007ffe08fc1d70 5 bytes JMP 00007fff08fb0f50 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetConsoleMode 00007ffe08fc1fa0 5 bytes JMP 00007fff08fb0894 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTime 00007ffe08fc30c0 5 bytes JMP 00007fff08fb0dd4 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile 00007ffe08fc5e10 5 bytes JMP 00007fff08fb0f97 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLocalTime 00007ffe08fc6550 5 bytes JMP 00007fff08fb0d93 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateFileW 00007ffe08fc7990 5 bytes JMP 00007fff08fb09da .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadFile 00007ffe08fc7eb0 5 bytes JMP 00007fff08fb0953 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!OpenFileMappingW 00007ffe08fc87c0 5 bytes JMP 00007fff08fb0fd3 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableW 00007ffe08fc8d30 5 bytes JMP 00007fff08fb0e53 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentStringsW 00007ffe08fca530 5 bytes JMP 00007fff08fb0e13 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableW 00007ffe08fcb4b0 5 bytes JMP 00007fff08fb0ed4 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] 
C:\Windows\system32\KERNELBASE.dll!TerminateThread 00007ffe08fcc140 5 bytes JMP 00007fff08fb0c13 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryW 00007ffe08fcc950 5 bytes JMP 00007fff08fb0b14 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessW 00007ffe08fcfca0 5 bytes JMP 00007fff08fb0b95 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableA 00007ffe08fcfd70 5 bytes JMP 00007fff08fb0e95 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleMode 00007ffe08fd26b0 5 bytes JMP 00007fff08fb0856 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleW 00007ffe08fd4d80 5 bytes JMP 00007fff08fb0397 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTitleW 00007ffe08fd4ed0 5 bytes JMP 00007fff08fb07d3 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!TerminateProcess 00007ffe08fe58c0 5 bytes JMP 00007fff08fb0cd3 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTextAttribute 00007ffe0901fdb0 5 bytes JMP 00007fff08fb0695 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableA 00007ffe09022690 5 bytes JMP 00007fff08fb0f13 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessA 00007ffe090237b0 5 bytes JMP 00007fff08fb0bd5 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputW 00007ffe09024520 5 bytes JMP 00007fff08fb0557 .text 
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorPosition 00007ffe090245f0 5 bytes JMP 00007fff08fa0fd5 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FlushConsoleInputBuffer 00007ffe09024630 5 bytes JMP 00007fff08fb0215 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetNumberOfConsoleInputEvents 00007ffe09024670 5 bytes JMP 00007fff08fb0254 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetThreadContext 00007ffe09038e30 4 bytes JMP 00007fff08fb0c58 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffe0903abf0 5 bytes JMP 00007fff08fb0c95 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputW 00007ffe0903b540 5 bytes JMP 00007fff08fb0657 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!AllocConsole 00007ffe0908f0c0 5 bytes JMP 00007fff08fb0754 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FreeConsole 00007ffe0908f450 5 bytes JMP 00007fff08fb0719 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateConsoleScreenBuffer 00007ffe0908f4c0 5 bytes JMP 00007fff08fb01d3 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputA 00007ffe0908f7b0 5 bytes JMP 00007fff08fb0517 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA 00007ffe0908f7e0 5 bytes JMP 00007fff08fb0494 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] 
C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW 00007ffe0908f860 5 bytes JMP 00007fff08fb04d4 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputA 00007ffe0908fa00 5 bytes JMP 00007fff08fb0457 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputW 00007ffe0908fab0 5 bytes JMP 00007fff08fb0417 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputA 00007ffe0908fad0 5 bytes JMP 00007fff08fb0617 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterA 00007ffe0908fb40 5 bytes JMP 00007fff08fb02d7 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterW 00007ffe0908fb70 5 bytes JMP 00007fff08fb0297 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLargestConsoleWindowSize 00007ffe0908fd20 5 bytes JMP 00007fff08fb0057 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferA 00007ffe0908fd70 5 bytes JMP 00007fff08fb0357 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferW 00007ffe0908fe20 5 bytes JMP 00007fff08fb0317 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleActiveScreenBuffer 00007ffe0908fe50 5 bytes JMP 00007fff08fb0195 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCP 00007ffe0908fe90 5 bytes JMP 00007fff08fa0ed5 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorInfo 
00007ffe0908fee0 5 bytes JMP 00007fff08fa0f95 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleOutputCP 00007ffe0908ff30 5 bytes JMP 00007fff08fa0e95 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferInfoEx 00007ffe0908ff80 5 bytes JMP 00007fff08fb0095 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferSize 00007ffe09090080 5 bytes JMP 00007fff08fb0115 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleWindowInfo 00007ffe090900d0 5 bytes JMP 00007fff08fb0155 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffe09090310 5 bytes JMP 00007fff08fb0594 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffe09090540 5 bytes JMP 00007fff08fb05d4 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleA 00007ffe09090590 5 bytes JMP 00007fff08fb03d7 .text C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryA 00007ffe090a14c0 5 bytes JMP 00007fff08fb0b53 .text C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_InsertPtr 00007ffe067f2fd0 5 bytes JMP 00007fff056d0f88 .text C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_DeletePtr 00007ffe067f3050 5 bytes JMP 00007fff056d0f48 .text C:\Windows\explorer.exe[123448] 
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_Create 00007ffe067f3230 5 bytes JMP 00007fff056d0fc8 .text C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe0982d050 5 bytes JMP 00007fff06d40070 .text C:\Windows\explorer.exe[123996] C:\Windows\system32\USER32.dll!GetAncestor 00007ffe0b5412f0 5 bytes JMP 00007fff06d40028 .text C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\dwmapi.dll!DwmIsCompositionEnabled 00007ffe06f01410 5 bytes JMP 00007fff06d40010 .text C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\UIAutomationCore.dll!UiaReturnRawElementProvider 00007ffdf32e5740 5 bytes JMP 00007ffe06d40040 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [632:3996] fffff960009312d0 ---- Processes - GMER 2.1 ---- Library C:\Users\mongole\AppData\Local\KeePass\PluginCache\3CCPp6DCHvRxKsWOsm1T\DataBaseBackup.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (DataBaseBackup/Francis Noël)(2015-06-06 11:58:40) 000000001c2c0000 Library C:\Users\mongole\AppData\Local\KeePass\PluginCache\PwaUSoqXaMU2Mq5Ih23n\OtpKeyProv.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (OtpKeyProv/Dominik Reichl)(2015-06-06 11:58:40) 000000001b670000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\mongole\AppData\Roaming\chrome.exe?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -871816015 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02e593b 0xEE 0x81 0xAB 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d487d89d7a2f 0x7B 0xF0 0xFD 0x4F ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d890e8586158 0x24 0x5E 0x35 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02f42f1 0x89 0xEE 0x2C 0x1C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@a49a5853ec4a 0x39 0x64 0x4B 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@b43a28c20bc0 0x74 0x2F 0x19 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath system32\drivers\MBAMSwissArmy.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group System Reserved Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisCap\Parameters@RefCount 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 42345 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideIcons 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@MRUList fedcba Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count 2806 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\iexplore@Count 2783 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\xxx@xxx.comMessageCount 4 ---- EOF - GMER 2.1 ----
Sample of the virus submitted to: Sophos, Symantec, ClamAV, Microsoft, Avira, McAfee, Kaspersky, Lavasoft, TrendMicro, Comodo, Baidu, Agnitum, Webroot, Vir.IT, Zoner, SUPERAntiSpyware. In the hope of soon getting reasonable detection rates and specific removal instructions.
Edited by CptMw (26.09.2015 at 03:26) |
28.09.2015, 15:15 | #4 |
/// the machine /// TB Trainer | Win 8.1: Caught a Trojan Hi, please download TDSSKiller.exe and save the file to the desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.09.2015, 15:25 | #5 |
| Win 8.1: Caught a Trojan Hi, here is the log Code:
16:21:57.0445 0x1e90 IRENUM - ok 16:21:57.0447 0x1e90 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:21:57.0452 0x1e90 isapnp - ok 16:21:57.0461 0x1e90 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 16:21:57.0469 0x1e90 iScsiPrt - ok 16:21:57.0472 0x1e90 [ 1ECC1A421B0AEBF9A6934451FBFD7848, 1A8DDEC42831C12760CF27FA02EDD06D5CCE25A606E2DECB7D8487B5961B11AC ] ISCT C:\Windows\System32\drivers\ISCTD64.sys 16:21:57.0476 0x1e90 ISCT - ok 16:21:57.0481 0x1e90 [ EC62720A72C1ACD6AB638C0D7D10F431, CB1DC7A7E2247C11D4F40041F889786CD20E0C5CF6EEDFC320F8E9646E974C07 ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 16:21:57.0486 0x1e90 iumsvc - ok 16:21:57.0491 0x1e90 [ CA295D3E5032DDF8A3CBD1A256E646FA, 03879D331AE446FCF25D0193805A5E0C17764439B5B8FE1D684DDB96B1A358C9 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 16:21:57.0497 0x1e90 jhi_service - ok 16:21:57.0500 0x1e90 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 16:21:57.0505 0x1e90 kbdclass - ok 16:21:57.0508 0x1e90 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 16:21:57.0513 0x1e90 kbdhid - ok 16:21:57.0516 0x1e90 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\Windows\system32\drivers\kbldfltr.sys 16:21:57.0520 0x1e90 kbldfltr - ok 16:21:57.0522 0x1e90 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 16:21:57.0526 0x1e90 kdnic - ok 16:21:57.0529 0x1e90 [ 
A23E2A41E729E7752347670BFED12A54, 8E349AE4B7193B8422F1BA6BA516DF2B2451D23DDD20CA11CE43204EE0DBBCBA ] Ke2200 C:\Windows\system32\DRIVERS\e22w8x64.sys 16:21:57.0534 0x1e90 Ke2200 - ok 16:21:57.0537 0x1e90 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 16:21:57.0542 0x1e90 KeyIso - ok 16:21:57.0548 0x1e90 [ A6A4F8CFE0796A691789F02423F1281B, B0BF411A627F890D1B6E11D5CD4A75E2A5655FBCDF8AEA639A17F310AE679737 ] Killer Service V2 C:\Program Files\Killer Networking\Network Manager\KillerService.exe 16:21:57.0555 0x1e90 Killer Service V2 - detected UnsignedFile.Multi.Generic ( 1 ) 16:21:59.0896 0x1e90 Killer Service V2 ( UnsignedFile.Multi.Generic ) - warning 16:22:02.0449 0x1e90 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:22:02.0454 0x1e90 KSecDD - ok 16:22:02.0459 0x1e90 [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:22:02.0466 0x1e90 KSecPkg - ok 16:22:02.0469 0x1e90 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:22:02.0473 0x1e90 ksthunk - ok 16:22:02.0484 0x1e90 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 16:22:02.0493 0x1e90 KtmRm - ok 16:22:02.0504 0x1e90 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 16:22:02.0513 0x1e90 LanmanServer - ok 16:22:02.0523 0x1e90 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:22:02.0533 0x1e90 LanmanWorkstation - ok 16:22:02.0543 
0x1e90 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 16:22:02.0554 0x1e90 lfsvc - ok 16:22:02.0557 0x1e90 [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 16:22:02.0562 0x1e90 LGBusEnum - ok 16:22:02.0565 0x1e90 [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys 16:22:02.0568 0x1e90 LGCoreTemp - ok 16:22:02.0571 0x1e90 [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore C:\Windows\system32\drivers\LGJoyXlCore.sys 16:22:02.0578 0x1e90 LGJoyXlCore - ok 16:22:02.0582 0x1e90 [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 16:22:02.0587 0x1e90 LGSHidFilt - ok 16:22:02.0590 0x1e90 [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 16:22:02.0595 0x1e90 LGVirHid - ok 16:22:02.0600 0x1e90 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:22:02.0607 0x1e90 lltdio - ok 16:22:02.0618 0x1e90 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:22:02.0627 0x1e90 lltdsvc - ok 16:22:02.0630 0x1e90 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:22:02.0635 0x1e90 lmhosts - ok 16:22:02.0642 0x1e90 [ ED5C8B920F2ACF11A26586B2FA66BF3D, 
D6F014F0CCAB7EDA38A8CC58F439D2A8CD89195AE84F82E25475CE11CB3883C9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:22:02.0653 0x1e90 LMS - ok 16:22:02.0658 0x1e90 [ 7E74CE69AEF2F66F037E9000AF1209FB, AF5407AB507EB5F01167D4EFA0B235510F26287159C4594FB3B9CB2D086BDD6E ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe 16:22:02.0664 0x1e90 LogiRegistryService - ok 16:22:02.0671 0x1e90 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:22:02.0680 0x1e90 LSI_SAS - ok 16:22:02.0685 0x1e90 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:22:02.0693 0x1e90 LSI_SAS2 - ok 16:22:02.0697 0x1e90 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 16:22:02.0705 0x1e90 LSI_SAS3 - ok 16:22:02.0711 0x1e90 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 16:22:02.0720 0x1e90 LSI_SSS - ok 16:22:02.0731 0x1e90 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 16:22:02.0745 0x1e90 LSM - ok 16:22:02.0752 0x1e90 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 16:22:02.0758 0x1e90 luafv - ok 16:22:02.0761 0x1e90 [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:22:02.0764 0x1e90 MBAMProtector - ok 16:22:02.0882 0x1e90 [ 83C982A395D00BAFF6515FB38424EA76, 
0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService m:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 16:22:02.0902 0x1e90 MBAMService - ok 16:22:02.0907 0x1e90 [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:22:02.0911 0x1e90 MBAMWebAccessControl - ok 16:22:02.0913 0x1e90 [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys 16:22:02.0917 0x1e90 MBfilt - ok 16:22:02.0921 0x1e90 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 16:22:02.0928 0x1e90 megasas - ok 16:22:02.0949 0x1e90 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 16:22:02.0977 0x1e90 megasr - ok 16:22:02.0981 0x1e90 [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 16:22:02.0986 0x1e90 MEIx64 - ok 16:22:02.0990 0x1e90 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 16:22:02.0997 0x1e90 MMCSS - ok 16:22:03.0000 0x1e90 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 16:22:03.0007 0x1e90 Modem - ok 16:22:03.0009 0x1e90 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 16:22:03.0016 0x1e90 monitor - ok 16:22:03.0019 0x1e90 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass 
C:\Windows\System32\drivers\mouclass.sys 16:22:03.0024 0x1e90 mouclass - ok 16:22:03.0028 0x1e90 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 16:22:03.0032 0x1e90 mouhid - ok 16:22:03.0036 0x1e90 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:22:03.0041 0x1e90 mountmgr - ok 16:22:03.0088 0x1e90 MPlayerWWService - ok 16:22:03.0092 0x1e90 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:22:03.0097 0x1e90 mpsdrv - ok 16:22:03.0115 0x1e90 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll 16:22:03.0132 0x1e90 MpsSvc - ok 16:22:03.0136 0x1e90 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:22:03.0142 0x1e90 MRxDAV - ok 16:22:03.0150 0x1e90 [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:22:03.0159 0x1e90 mrxsmb - ok 16:22:03.0165 0x1e90 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:22:03.0173 0x1e90 mrxsmb10 - ok 16:22:03.0178 0x1e90 [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:22:03.0185 0x1e90 mrxsmb20 - ok 16:22:03.0190 0x1e90 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 16:22:03.0196 0x1e90 MsBridge - ok 16:22:03.0202 0x1e90 [ 
915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 16:22:03.0208 0x1e90 MSDTC - ok 16:22:03.0211 0x1e90 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:22:03.0217 0x1e90 Msfs - ok 16:22:03.0220 0x1e90 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 16:22:03.0224 0x1e90 msgpiowin32 - ok 16:22:03.0226 0x1e90 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:22:03.0231 0x1e90 mshidkmdf - ok 16:22:03.0234 0x1e90 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 16:22:03.0239 0x1e90 mshidumdf - ok 16:22:03.0267 0x1e90 [ 390EA2F54CBEC1AB7BAA51F3294E37A8, BF996E3205D600D88485B9074D23EBF7456EE64007C664C9238D2BFACBB6D4C7 ] MSIBIOSData_CC C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe 16:22:03.0301 0x1e90 MSIBIOSData_CC - ok 16:22:03.0352 0x1e90 [ 7B8D56ADE37DB6A66E2DC8E104B5C7D0, E00A42ECF9D24F2CC341DF2AC1974355925731BDCD6E971785EBA9DEC90F1AAB ] MSIClock_CC C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe 16:22:03.0424 0x1e90 MSIClock_CC - ok 16:22:03.0455 0x1e90 [ 928F8C7A0ADE7E41B4A05A2672FCBFAF, DE29C92B8BAE43EEFB793160BCA7C51889B7ADAC72EF4D4C1570252B8C24DCD7 ] MSICOMM_CC C:\Program Files (x86)\MSI\Command Center\MSICommService.exe 16:22:03.0495 0x1e90 MSICOMM_CC - ok 16:22:03.0547 0x1e90 [ AFF08249D96D797BF1298EE074D4A1B3, 471FA817A3FB1F5C9D4E54C7AB5FA7C49C051EBAB94C3961F0C2ADFFDE1DDA55 ] MSICPU_CC C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe 16:22:03.0611 0x1e90 MSICPU_CC - ok 16:22:03.0642 0x1e90 [ 
9100DE93D89D3E57A9F585A79C1B70CC, 378FCBAD9ADBE0C268FBDCB68B2FA0265F6A6C200E129A952A58C696AA312EA3 ] MSICTL_CC C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe 16:22:03.0675 0x1e90 MSICTL_CC - ok 16:22:03.0710 0x1e90 [ D7865975915164D09A6D5409D601E174, 36D0067DDE4395A31013929F8F3DBB7F16AD9638F4AB2D12FAA9017BC63265A9 ] MSIDDR_CC C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe 16:22:03.0746 0x1e90 MSIDDR_CC - ok 16:22:03.0751 0x1e90 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:22:03.0755 0x1e90 msisadrv - ok 16:22:03.0761 0x1e90 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:22:03.0767 0x1e90 MSiSCSI - ok 16:22:03.0769 0x1e90 msiserver - ok 16:22:03.0796 0x1e90 [ E83766864194277B13037D80D3A92CC2, D93C793D49CE6B824885D64E80AC91AABFBFBA0AD990BA2950C925948B456DC6 ] MSISMB_CC C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe 16:22:03.0830 0x1e90 MSISMB_CC - ok 16:22:03.0840 0x1e90 [ E87777FD1ACA88A77E3330FA50B9A3EF, D8BB8F6F3AD7A73380A9134E696F44E0DB786F0708232E5F7C5397028E724622 ] MSISuperIO_CC C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe 16:22:03.0851 0x1e90 MSISuperIO_CC - ok 16:22:03.0882 0x1e90 [ D784D62BFE153792F341F6C37842D3E0, CF7963BD01A35D1DAE070C96C13B8D35ECCD2389B1035789B14D625EE4BB274A ] MSI_ECOSERVICE C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe 16:22:03.0918 0x1e90 MSI_ECOSERVICE - ok 16:22:03.0941 0x1e90 [ 591591EFF4B05FEC751148BA1FF8B595, 49516EAF3132DD8DB1D0C531E8106BCB585C64A3442A4C6660BE0135C0DC33EC ] MSI_LiveUpdate_Service C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe 16:22:03.0970 0x1e90 MSI_LiveUpdate_Service - ok 16:22:03.0975 0x1e90 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] 
MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll 16:22:03.0981 0x1e90 MsKeyboardFilter - ok 16:22:03.0983 0x1e90 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:22:03.0989 0x1e90 MSKSSRV - ok 16:22:03.0992 0x1e90 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 16:22:03.0998 0x1e90 MsLldp - ok 16:22:04.0000 0x1e90 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:22:04.0004 0x1e90 MSPCLOCK - ok 16:22:04.0006 0x1e90 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:22:04.0011 0x1e90 MSPQM - ok 16:22:04.0030 0x1e90 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:22:04.0039 0x1e90 MsRPC - ok 16:22:04.0042 0x1e90 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 16:22:04.0047 0x1e90 mssmbios - ok 16:22:04.0049 0x1e90 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:22:04.0054 0x1e90 MSTEE - ok 16:22:04.0056 0x1e90 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 16:22:04.0061 0x1e90 MTConfig - ok 16:22:04.0067 0x1e90 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 16:22:04.0072 0x1e90 Mup - ok 16:22:04.0076 0x1e90 [ B8C35C94DCB2DFEAF03BB42131F2F77F, 
F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 16:22:04.0082 0x1e90 mvumis - ok 16:22:04.0095 0x1e90 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 16:22:04.0106 0x1e90 napagent - ok 16:22:04.0118 0x1e90 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:22:04.0130 0x1e90 NativeWifiP - ok 16:22:04.0137 0x1e90 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 16:22:04.0144 0x1e90 NcaSvc - ok 16:22:04.0150 0x1e90 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 16:22:04.0157 0x1e90 NcbService - ok 16:22:04.0160 0x1e90 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 16:22:04.0166 0x1e90 NcdAutoSetup - ok 16:22:04.0181 0x1e90 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:22:04.0202 0x1e90 NDIS - ok 16:22:04.0206 0x1e90 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:22:04.0211 0x1e90 NdisCap - ok 16:22:04.0216 0x1e90 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 16:22:04.0222 0x1e90 NdisImPlatform - ok 16:22:04.0224 0x1e90 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:22:04.0229 0x1e90 
NdisTapi - ok 16:22:04.0232 0x1e90 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:22:04.0237 0x1e90 Ndisuio - ok 16:22:04.0239 0x1e90 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 16:22:04.0245 0x1e90 NdisVirtualBus - ok 16:22:04.0254 0x1e90 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:22:04.0262 0x1e90 NdisWan - ok 16:22:04.0270 0x1e90 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 16:22:04.0281 0x1e90 NdisWanLegacy - ok |
28.09.2015, 15:25 | #6 |
| Win 8.1: Caught a Trojan Code:
16:22:10.0588 0x1e90 rdbss - ok 16:22:10.0591 0x1e90 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 16:22:10.0596 0x1e90 rdpbus - ok 16:22:10.0603 0x1e90 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:22:10.0611 0x1e90 RDPDR - ok 16:22:10.0615 0x1e90 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:22:10.0619 0x1e90 RdpVideoMiniport - ok 16:22:10.0628 0x1e90 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:22:10.0635 0x1e90 rdyboost - ok 16:22:10.0651 0x1e90 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys 16:22:10.0669 0x1e90 ReFS - ok 16:22:10.0678 0x1e90 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:22:10.0685 0x1e90 RemoteAccess - ok 16:22:10.0690 0x1e90 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:22:10.0696 0x1e90 RemoteRegistry - ok 16:22:10.0701 0x1e90 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 16:22:10.0707 0x1e90 RFCOMM - ok 16:22:10.0711 0x1e90 [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 16:22:10.0716 0x1e90 rpcapd - ok 16:22:10.0720 0x1e90 [ 65B9FDE300A6DECC03BA44C4616DCAD6, 
CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:22:10.0726 0x1e90 RpcEptMapper - ok 16:22:10.0728 0x1e90 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe 16:22:10.0733 0x1e90 RpcLocator - ok 16:22:10.0755 0x1e90 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\Windows\system32\rpcss.dll 16:22:10.0770 0x1e90 RpcSs - ok 16:22:10.0776 0x1e90 [ D666E0235D51B8C0B26CE9E587AF80E5, AB2D0FC4E702890419BB234E3C646CF90E333B89D172A418294BB95E6CDFBD3E ] RpcXdr C:\Windows\system32\drivers\rpcxdr.sys 16:22:10.0783 0x1e90 RpcXdr - ok 16:22:10.0787 0x1e90 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:22:10.0793 0x1e90 rspndr - ok 16:22:10.0795 0x1e90 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys 16:22:10.0800 0x1e90 s3cap - ok 16:22:10.0803 0x1e90 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe 16:22:10.0810 0x1e90 SamSs - ok 16:22:10.0960 0x1e90 [ 4752E1DBF5671A941CFA6DFC4C840EB7, FEA249AA3F153398161DA8A43165E5B76C291B690C3DDF5D496099771842E273 ] SbieDrv m:\Program Files\Sandboxie\SbieDrv.sys 16:22:10.0966 0x1e90 SbieDrv - ok 16:22:11.0044 0x1e90 [ 208D06C26717783E07104F30B9D3F301, 0F020277740B5AC03DC46592896B7B83AE658DAEDD796EDD1109AE4B7C14DF22 ] SbieSvc m:\Program Files\Sandboxie\SbieSvc.exe 16:22:11.0050 0x1e90 SbieSvc - ok 16:22:11.0055 0x1e90 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:22:11.0061 0x1e90 sbp2port - ok 16:22:11.0067 0x1e90 [ 
74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:22:11.0075 0x1e90 SCardSvr - ok 16:22:11.0080 0x1e90 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll 16:22:11.0087 0x1e90 ScDeviceEnum - ok 16:22:11.0090 0x1e90 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:22:11.0095 0x1e90 scfilter - ok 16:22:11.0112 0x1e90 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll 16:22:11.0132 0x1e90 Schedule - ok 16:22:11.0139 0x1e90 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:22:11.0145 0x1e90 SCPolicySvc - ok 16:22:11.0151 0x1e90 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 16:22:11.0159 0x1e90 sdbus - ok 16:22:11.0165 0x1e90 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys 16:22:11.0171 0x1e90 sdstor - ok 16:22:11.0173 0x1e90 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:22:11.0180 0x1e90 secdrv - ok 16:22:11.0184 0x1e90 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\Windows\system32\seclogon.dll 16:22:11.0190 0x1e90 seclogon - ok 16:22:11.0194 0x1e90 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 16:22:11.0201 0x1e90 SENS 
- ok 16:22:11.0209 0x1e90 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:22:11.0216 0x1e90 SensrSvc - ok 16:22:11.0220 0x1e90 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys 16:22:11.0228 0x1e90 SerCx - ok 16:22:11.0233 0x1e90 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys 16:22:11.0239 0x1e90 SerCx2 - ok 16:22:11.0241 0x1e90 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys 16:22:11.0246 0x1e90 Serenum - ok 16:22:11.0251 0x1e90 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys 16:22:11.0256 0x1e90 Serial - ok 16:22:11.0259 0x1e90 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys 16:22:11.0264 0x1e90 sermouse - ok 16:22:11.0276 0x1e90 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 16:22:11.0287 0x1e90 SessionEnv - ok 16:22:11.0289 0x1e90 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 16:22:11.0294 0x1e90 sfloppy - ok 16:22:11.0308 0x1e90 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:22:11.0320 0x1e90 SharedAccess - ok 16:22:11.0339 0x1e90 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 16:22:11.0357 0x1e90 ShellHWDetection - ok 16:22:11.0361 0x1e90 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:22:11.0366 0x1e90 SiSRaid2 - ok 16:22:11.0369 0x1e90 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:22:11.0377 0x1e90 SiSRaid4 - ok 16:22:11.0380 0x1e90 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 16:22:11.0385 0x1e90 smphost - ok 16:22:11.0389 0x1e90 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:22:11.0394 0x1e90 SNMPTRAP - ok 16:22:11.0407 0x1e90 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\Windows\system32\drivers\spaceport.sys 16:22:11.0416 0x1e90 spaceport - ok 16:22:11.0420 0x1e90 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 16:22:11.0425 0x1e90 SpbCx - ok 16:22:11.0439 0x1e90 [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler C:\Windows\System32\spoolsv.exe 16:22:11.0454 0x1e90 Spooler - ok 16:22:11.0533 0x1e90 [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc C:\Windows\system32\sppsvc.exe 16:22:11.0639 0x1e90 sppsvc - ok 16:22:11.0657 0x1e90 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:22:11.0669 0x1e90 srv - ok 16:22:11.0686 0x1e90 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 
957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:22:11.0699 0x1e90 srv2 - ok 16:22:11.0707 0x1e90 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:22:11.0714 0x1e90 srvnet - ok 16:22:11.0722 0x1e90 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:22:11.0730 0x1e90 SSDPSRV - ok 16:22:11.0732 0x1e90 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 16:22:11.0735 0x1e90 SSPORT - ok 16:22:11.0741 0x1e90 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:22:11.0747 0x1e90 SstpSvc - ok 16:22:11.0752 0x1e90 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 16:22:11.0758 0x1e90 ssudmdm - ok 16:22:11.0769 0x1e90 [ CE21C361EAA587AC778AD7422FFC3E84, AE8DB90661E67BDAB1A6E75341DEF27DF0FDA1765576D1260EC1384419628CE5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 16:22:11.0783 0x1e90 Steam Client Service - ok 16:22:11.0786 0x1e90 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:22:11.0790 0x1e90 stexstor - ok 16:22:11.0793 0x1e90 [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam C:\Windows\System32\drivers\serscan.sys 16:22:11.0798 0x1e90 StillCam - ok 16:22:11.0813 0x1e90 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 16:22:11.0826 
0x1e90 stisvc - ok 16:22:11.0831 0x1e90 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys 16:22:11.0840 0x1e90 storahci - ok 16:22:11.0843 0x1e90 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:22:11.0848 0x1e90 storflt - ok 16:22:11.0850 0x1e90 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys 16:22:11.0855 0x1e90 stornvme - ok 16:22:11.0858 0x1e90 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 16:22:11.0864 0x1e90 StorSvc - ok 16:22:11.0867 0x1e90 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:22:11.0872 0x1e90 storvsc - ok 16:22:11.0875 0x1e90 [ 7D123389FCD97D84881BA9C07012BA0C, 044442D8FCFE7935A025602F817C726576BA1C515CB594C4320A8AC6D8DA8F41 ] storvsp C:\Windows\System32\drivers\storvsp.sys 16:22:11.0880 0x1e90 storvsp - ok 16:22:11.0883 0x1e90 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 16:22:11.0888 0x1e90 svsvc - ok 16:22:11.0890 0x1e90 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 16:22:11.0894 0x1e90 swenum - ok 16:22:11.0912 0x1e90 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 16:22:11.0927 0x1e90 swprv - ok 16:22:11.0986 0x1e90 [ 6843FF634C373DE7F150E144054ABE1C, 33CA8155A32A174B446FDE08F3F57A69DC928F3BFCBEE1C1DA569BACB541975C ] Synergy M:\Program 
Files\Synergy\synergyd.exe 16:22:11.0993 0x1e90 Synergy - detected UnsignedFile.Multi.Generic ( 1 ) 16:22:12.0093 0x1a58 Object send P2P result: true 16:22:14.0298 0x1e90 Detect skipped due to KSN trusted 16:22:14.0299 0x1e90 Synergy - ok 16:22:14.0302 0x1e90 [ 25F0DA8E7F26416FDB5D77592B5C1A8B, 99E7ACA2FA0E3D98BA30947F7E7A59662D36048D9EB83E5BA04D643033B84DB5 ] Synth3dVsc C:\Windows\System32\drivers\Synth3dVsc.sys 16:22:14.0307 0x1e90 Synth3dVsc - ok 16:22:14.0324 0x1e90 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\Windows\system32\sysmain.dll 16:22:14.0345 0x1e90 SysMain - ok 16:22:14.0352 0x1e90 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 16:22:14.0360 0x1e90 SystemEventsBroker - ok 16:22:14.0364 0x1e90 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:22:14.0371 0x1e90 TabletInputService - ok 16:22:14.0382 0x1e90 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll 16:22:14.0390 0x1e90 TapiSrv - ok 16:22:14.0421 0x1e90 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:22:14.0468 0x1e90 Tcpip - ok 16:22:14.0500 0x1e90 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:22:14.0550 0x1e90 TCPIP6 - ok 16:22:14.0554 0x1e90 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:22:14.0561 0x1e90 tcpipreg - ok 16:22:14.0567 0x1e90 [ FFF28F9F6823EB1756C60F1649560BBF, 
208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:22:14.0573 0x1e90 tdx - ok 16:22:14.0643 0x1e90 [ CFC9B7B465283378D374D5E380D5D244, 5E66A62C6A6272B65181F116031AA80E8DCEDA3B7E2C1130DD631347DF644D79 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 16:22:14.0731 0x1e90 TeamViewer - ok 16:22:14.0737 0x1e90 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys 16:22:14.0742 0x1e90 terminpt - ok 16:22:14.0768 0x1e90 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll 16:22:14.0786 0x1e90 TermService - ok 16:22:14.0790 0x1e90 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll 16:22:14.0796 0x1e90 Themes - ok 16:22:14.0799 0x1e90 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll 16:22:14.0805 0x1e90 THREADORDER - ok 16:22:14.0815 0x1e90 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 16:22:14.0822 0x1e90 TimeBroker - ok 16:22:14.0828 0x1e90 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\Windows\system32\drivers\tpm.sys 16:22:14.0834 0x1e90 TPM - ok 16:22:14.0839 0x1e90 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll 16:22:14.0845 0x1e90 TrkWks - ok 16:22:14.0853 0x1e90 [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 16:22:14.0862 0x1e90 truecrypt - ok 
16:22:14.0865 0x1e90 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:22:14.0871 0x1e90 TrustedInstaller - ok 16:22:14.0874 0x1e90 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:22:14.0879 0x1e90 TsUsbFlt - ok 16:22:14.0883 0x1e90 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 16:22:14.0888 0x1e90 TsUsbGD - ok 16:22:14.0892 0x1e90 [ 4A445D5E44CD996D18E128EF321D54B2, 7B5F504F34B0CBBD1D4B0F3634F707F4876D6B14B41EEEB09AEAA4BDDC75FDDD ] tsusbhub C:\Windows\System32\drivers\tsusbhub.sys 16:22:14.0898 0x1e90 tsusbhub - ok 16:22:14.0903 0x1e90 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:22:14.0910 0x1e90 tunnel - ok 16:22:14.0913 0x1e90 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:22:14.0918 0x1e90 uagp35 - ok 16:22:14.0922 0x1e90 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 16:22:14.0927 0x1e90 UASPStor - ok 16:22:14.0934 0x1e90 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 16:22:14.0940 0x1e90 UCX01000 - ok 16:22:14.0946 0x1e90 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:22:14.0954 0x1e90 udfs - ok 16:22:14.0976 0x1e90 [ CA26ECD9524C558A3E633F4CCE54617B, 8039FA9013DAEBD0F3A7708AEC3143DA6CDA6CA544ABE40425B40B7F41B90F20 ] 
UDST7000BDA C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys 16:22:15.0000 0x1e90 UDST7000BDA - ok 16:22:15.0003 0x1e90 [ B066AC204336D85F19BF881B8B450391, E533B038EC6E72798C8C2250218B3577671BE4DB21C062E81FC87735C22BAD77 ] UDST7000HID C:\Windows\System32\drivers\TerraTecUsbHid.sys 16:22:15.0006 0x1e90 UDST7000HID - ok 16:22:15.0008 0x1e90 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys 16:22:15.0013 0x1e90 UEFI - ok 16:22:15.0017 0x1e90 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:22:15.0023 0x1e90 UI0Detect - ok 16:22:15.0025 0x1e90 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:22:15.0031 0x1e90 uliagpkx - ok 16:22:15.0034 0x1e90 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys 16:22:15.0039 0x1e90 umbus - ok 16:22:15.0041 0x1e90 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys 16:22:15.0046 0x1e90 UmPass - ok 16:22:15.0055 0x1e90 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll 16:22:15.0064 0x1e90 UmRdpService - ok 16:22:15.0066 0x1e90 [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 c:\Program Files\Unlocker\UnlockerDriver5.sys 16:22:15.0069 0x1e90 UnlockerDriver5 - ok 16:22:15.0082 0x1e90 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll 16:22:15.0093 0x1e90 upnphost - ok 16:22:15.0099 0x1e90 [ 
FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 16:22:15.0105 0x1e90 usbccgp - ok 16:22:15.0109 0x1e90 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys 16:22:15.0114 0x1e90 usbcir - ok 16:22:15.0118 0x1e90 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\Windows\System32\drivers\usbehci.sys 16:22:15.0124 0x1e90 usbehci - ok 16:22:15.0136 0x1e90 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\Windows\System32\drivers\usbhub.sys 16:22:15.0146 0x1e90 usbhub - ok 16:22:15.0157 0x1e90 [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 16:22:15.0168 0x1e90 USBHUB3 - ok 16:22:15.0172 0x1e90 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\Windows\System32\drivers\usbohci.sys 16:22:15.0176 0x1e90 usbohci - ok 16:22:15.0179 0x1e90 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys 16:22:15.0184 0x1e90 usbprint - ok 16:22:15.0189 0x1e90 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 16:22:15.0195 0x1e90 USBSTOR - ok 16:22:15.0198 0x1e90 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 16:22:15.0203 0x1e90 usbuhci - ok 16:22:15.0210 0x1e90 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 
16:22:15.0219 0x1e90 USBXHCI - ok 16:22:15.0305 0x1e90 [ 470295FBBFB97EF104AA5AE409802165, 2BA34D54A68A5EE862EF7075A8FF4042546C85C6984C6F75B3ADEB1932287B30 ] uvnc_service m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe 16:22:15.0335 0x1e90 uvnc_service - ok 16:22:15.0341 0x1e90 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe 16:22:15.0346 0x1e90 VaultSvc - ok 16:22:15.0359 0x1e90 [ FA778992885636644FAE843E479A6774, C43789E3500F7B20D3AA234F806EEDC77C29AD71289FA1ADA6B2527978CC58A8 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 16:22:15.0376 0x1e90 VBoxDrv - ok 16:22:15.0380 0x1e90 [ 63A1DDA8A5B1229A9F7A301EF9385909, D9053B0E311C34DC5ECAEFB34B8522F34C0627FFC547B0271313F570F20B9BF8 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys 16:22:15.0384 0x1e90 VBoxNetAdp - ok 16:22:15.0387 0x1e90 VBoxNetFlt - ok 16:22:15.0391 0x1e90 [ 5269C8EAA3499A3D371BEA543955540F, 4E02FC198F1F4E202989628657658C5354C4F9B2CA37A49425C7A617A8DD85A2 ] VBoxNetLwf C:\Windows\system32\DRIVERS\VBoxNetLwf.sys 16:22:15.0396 0x1e90 VBoxNetLwf - ok 16:22:15.0399 0x1e90 [ 7CA9F135666CE16742547271CD399557, 3BEAD11758DE731600088D2A5F0FAA6C38719DCC8B101F4B2BFDF3C0067C0751 ] VBoxUSB C:\Windows\System32\Drivers\VBoxUSB.sys 16:22:15.0404 0x1e90 VBoxUSB - ok 16:22:15.0408 0x1e90 [ 38450E440C613D0C88FD29716E159F68, 797DB2242E5AC2D126130E295B4AF832A394AAC43F0E21811CC94EE8A009C479 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 16:22:15.0413 0x1e90 VBoxUSBMon - ok 16:22:15.0416 0x1e90 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:22:15.0421 0x1e90 vdrvroot - ok 16:22:15.0448 0x1e90 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\Windows\System32\vds.exe 16:22:15.0474 0x1e90 vds - ok 16:22:15.0479 0x1e90 [ 
7DDDC7BA58D226706553921D16C68E18, 8BAE0C47E7DA7E510254B485F091FC96124EA334845A09986901EE55E6C2C525 ] veracrypt C:\Windows\system32\drivers\veracrypt.sys 16:22:15.0486 0x1e90 veracrypt - ok
16:22:50.0995 0x1e90 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
16:22:50.0996 0x1e90 Win FW state via NFP2: disabled ( trusted )
16:22:53.0315 0x1e90 ============================================================
16:22:53.0315 0x1e90 Scan finished
16:22:53.0315 0x1e90 ============================================================
16:22:53.0318 0x0bcc Detected object count: 2
16:22:53.0318 0x0bcc Actual detected object count: 2
16:23:35.0156 0x0bcc Killer Service V2 ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc Killer Service V2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:35.0156 0x0bcc 7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc 7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:39.0588 0x1ef8 Deinitialize success |
29.09.2015, 12:10 | #7 |
/// the machine /// TB Trainer | Win 8.1: Caught a Trojan Update MBAM, scan, delete the findings. Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
29.09.2015, 12:40 | #8 |
| Win 8.1: Caught a Trojan Many thanks in advance for your help. MBAM found nothing (full scan). Code:
ATTFilter
# AdwCleaner v5.009 - Bericht erstellt am 29/09/2015 um 13:27:59
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 8.1 Enterprise (x64)
# Benutzername : mongole - MONGOMACHINE-8
# Gestartet von : C:\Users\mongole\Desktop\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Users\mongole\AppData\Roaming\pdfforge

***** [ Dateien ] *****

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKCU\Software\distromatic
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\distromatic

***** [ Internetbrowser ] *****
[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "amazon.caimages-amazon.com amazon.cassl-images-amazon.com amazon.co.ukimages-amazon.com amazon.co.ukssl-images-amazon.com amazon[...]
[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.trackmenot.searchEngines", "aol,bing,yahoo,google");
[-] [C:\Users\mongole\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Gelöscht : isohunt.us

*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1586 Bytes] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 Enterprise x64
Ran by mongole on 29.09.2015 at 13:33:47,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] C:\Windows\SysWOW64\REN86DC.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENDC0C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENE5DA.tmp

~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(default)
Successfully deleted: [Folder] C:\Users\mongole\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Windows\system32\tasks\update

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2015 at 13:36:30,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by mongole (administrator) on MONGOMACHINE-8 (29-09-2015 13:38:59)
Running from C:\Users\mongole\Desktop
Loaded Profiles: mongole (Available Profiles: mongole)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - 
"P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: 
{a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe" HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0 ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29] ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19] ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07] ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer 
Networking\Network Manager\NetworkManager.exe (Rivet Networks) Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16] ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23] ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin) BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation) BHO: Java(tm) 
Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation) BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation) FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25] StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed] S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.) 
S2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed] S2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation) S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries) S2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation) S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation) S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed] S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.) 
S3 MBAMService; m:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI) S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI) S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI) S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI) S2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI) S2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI) S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI) S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI) S2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.) S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.) R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation) S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH) S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) 
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC) S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed] S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.) 
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc) R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd) R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd) R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] () S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG) R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC) S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] () R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation) R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) 
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI) R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI) S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation) S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] () S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed] R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.) R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation) R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC) S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.) S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.) 
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation) R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software) S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X] S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-29 13:38 - 2015-09-29 13:39 - 00037925 _____ C:\Users\mongole\Desktop\FRST.txt 2015-09-29 13:38 - 2015-09-29 13:38 - 02192384 _____ (Farbar) C:\Users\mongole\Desktop\FRST64.exe 2015-09-29 13:36 - 2015-09-29 13:36 - 00001029 _____ C:\Users\mongole\Desktop\JRT.txt 2015-09-29 13:32 - 2015-09-29 13:32 - 00001686 _____ C:\Users\mongole\Desktop\tb.txt 2015-09-29 13:32 - 2015-09-29 13:32 - 00000021 _____ C:\Windows\S.dirmngr 2015-09-29 13:32 - 2015-09-29 13:32 - 00000000 ____D C:\Users\mongole\Desktop\Neuer Ordner 2015-09-29 13:27 - 2015-09-29 13:26 - 01798976 _____ (Malwarebytes) C:\Users\mongole\Desktop\JRT.exe 2015-09-29 13:23 - 2015-09-29 13:23 - 01670656 _____ C:\Users\mongole\Desktop\AdwCleaner_5.009.exe 2015-09-28 16:19 - 2015-09-28 16:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\mongole\Desktop\tdsskiller.exe 2015-09-27 12:00 - 2015-09-27 12:05 - 00000040 ___SH C:\ProgramData\.zreglib 2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\SlySoft 2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft 2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\Program Files (x86)\SlySoft 2015-09-27 05:17 - 2015-09-27 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu 2015-09-27 03:09 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-09-26 04:25 - 2015-09-26 04:25 - 00000000 ___RD C:\Sandbox 2015-09-26 02:57 - 2015-09-26 02:57 - 00000000 ____D C:\Program Files (x86)\ESET 2015-09-25 23:38 - 2015-09-29 13:39 - 00000000 ____D C:\FRST 2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk 2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480 2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-09-25 
16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 
_____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) 
C:\Windows\system32\hhctrl.ocx 2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx 2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ! 2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk 2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ! 2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll 2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll 2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll 2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll 2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll 2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch 2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box 2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log 2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcuda.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 
_____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\XnView 2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner 2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner 2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. 
) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk 2015-09-11 01:21 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView 2015-09-11 00:21 - 2015-09-29 13:32 - 00002766 _____ C:\Windows\setupact.log 2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log 2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start 2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop 2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll 2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll 2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-10 
20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-10 20:57 - 2015-08-22 18:50 - 
02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft 
Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-10 20:57 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft 
Corporation) C:\Windows\system32\shacct.dll 2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer 2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking 2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk 2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression 2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys 2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys 2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0 2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-29 13:38 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk 2015-09-29 13:38 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job 2015-09-29 13:38 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001 2015-09-29 13:37 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat 2015-09-29 13:37 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat 2015-09-29 13:37 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-29 13:35 - 2014-09-26 00:20 - 00006469 _____ C:\Windows\SysWOW64\Gms.log 2015-09-29 13:35 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole 2015-09-29 13:33 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-09-29 13:33 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto 2015-09-29 13:33 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox 2015-09-29 13:33 - 2014-09-21 21:27 - 01090976 _____ C:\Windows\WindowsUpdate.log 2015-09-29 13:33 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2015-09-29 13:32 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-29 13:29 - 2014-03-18 11:51 - 00086172 _____ C:\Windows\PFRO.log 2015-09-29 13:27 - 2015-06-15 21:31 - 00000000 ____D C:\AdwCleaner 2015-09-29 13:27 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent 2015-09-29 13:27 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat 2015-09-29 13:27 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass 2015-09-29 13:26 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple 2015-09-29 04:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-09-29 04:37 - 
2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job 2015-09-29 03:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-09-28 20:42 - 2015-02-08 19:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-09-28 20:42 - 2015-02-08 19:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-09-28 20:42 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-09-28 19:01 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini 2015-09-28 11:30 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-27 05:17 - 2014-09-22 22:22 - 00000000 ____D C:\Program Files (x86)\WinCDEmu 2015-09-27 00:19 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg 2015-09-26 22:31 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon 2015-09-26 12:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee 2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx 2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger 2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu 2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu 2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000 2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc 2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log 2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help 2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp 2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI 2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI 2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI 2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA 2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core 2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) 
C:\Windows\system32\OpenCL.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb 2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin 2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst 2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk 2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk 2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail 2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk 2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games 2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox 2015-09-05 09:16 - 
2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd 2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb 2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z ==================== Files in the root of some directories ======= 2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd 2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag 2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu 2014-11-24 20:59 - 2015-09-28 20:56 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND 2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg 2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z 2015-09-27 12:00 - 2015-09-27 12:05 - 0000040 ___SH () C:\ProgramData\.zreglib ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================ |
29.09.2015, 12:41 | #9 |
| Win 8.1: Caught a Trojan Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by mongole (2015-09-29 13:39:15)
Running from C:\Users\mongole\Desktop
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL) 7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - ) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version: - ) Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation) Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version: - ) And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version: - Broken Rules) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft) Areca (HKLM-x32\...\Areca) (Version: - ) ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard) Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - ) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB) Battle vs. Chess (HKLM-x32\...\Battle vs. 
Chess_is1) (Version: 1.0 - Zuxxez Entertainment) BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth) BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games) Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project) Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project) BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit) Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version: - ) Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BtProx (HKLM-x32\...\BtProx) (Version: - Uri Kogan) Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version: - ) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.) 
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix) Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version: - Andrea Russo - Italy) ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch) Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft) Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers) Closure (HKLM-x32\...\Steam App 72000) (Version: - Eyebrow Interactive) Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology) cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix) ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5) Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome, Inc) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version: - Hallenberg.com) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - ) Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version: - ) Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners) Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura) DigiTweet 
(HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.) DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/) DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research) Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix) DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited) Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment) Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD) Dying Light (HKLM-x32\...\Dying Light_is1) (Version: - ) Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - ) Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff) f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version: - ) Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version: - ) Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: - ) Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - ) FileZilla Client 3.12.0.2 
(HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project) Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix) FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version: - Bugbear Entertainment) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf) FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla) Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com) G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG) Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - ) GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2522.1 - Google Inc.) 
Gow (HKLM-x32\...\Gow) (Version: - ) Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project) Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North) Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot) Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.) Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com) HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - ) HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu) HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu) Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - ) HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat) How to Survive (HKLM-x32\...\Steam App 250400) (Version: - EKO Software) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation) i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - ) iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode) InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation) Intel(R) Update Manager 
(HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Jamestown (HKLM-x32\...\Steam App 94200) (Version: - Final Form Games) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi) JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek) KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl) Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation) Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl) Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.) 
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg) Mozilla Firefox 34.0.5 (x86 de) 
(HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI) MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI) MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI) Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team) My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version: - Epic Games, Inc.) Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version: - ) Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear) Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear) Nidhogg (HKLM-x32\...\Steam App 94400) (Version: - Messhof) Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team) NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH) Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com) OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - ) Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Orcs Must Die! 
2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment) Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - ) ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.) PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com) PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis) PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - ) Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32) Psi (remove only) (HKLM-x32\...\Psi) (Version: - ) Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix) qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - 
The qBittorrent project) QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.) QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.) Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games) SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team) Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - ) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.) Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.) Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.) Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.) Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC) Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) 
Hidden SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT) SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - ) Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital) Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited) Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN) Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden Spintires (HKLM-x32\...\Spintires_is1) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk) Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project) System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games) TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version: - ) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - ) The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version: - ) The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale 
Games) The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - ) TOXIKK (HKLM-x32\...\Steam App 324810) (Version: - Reakktor Studios) TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo) Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version: - Yury Sidorov) Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version: - ) Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version: - ) Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - ) Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version: - ) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team) Ultratron (HKLM-x32\...\Steam App 219190) (Version: - Puppygames) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix) Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version: - Epic Games, Inc.) 
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX) Vim 7.4.711 (HKLM-x32\...\Vim) (Version: - ) VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version: - ) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix) VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix) WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - ) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs) WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version: - ) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl) Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version: - ) Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org) Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.) XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>) YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2522.1\delegate_execute.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll () CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net) CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode) CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode) CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 29-09-2015 13:31:00 JRT Pre-Junkware Removal ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 a-0001.a-msedge.net 127.0.0.1 choice.microsoft.com 127.0.0.1 choice.microsoft.com.nsatc.net 127.0.0.1 compatexchange.cloudapp.net 127.0.0.1 corp.sts.microsoft.com 127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com 127.0.0.1 cs1.wpc.v0cdn.net 127.0.0.1 df.telemetry.microsoft.com 127.0.0.1 diagnostics.support.microsoft.com 127.0.0.1 fe2.update.microsoft.com.akadns.net 127.0.0.1 feedback.microsoft-hohm.com 127.0.0.1 feedback.search.microsoft.com 127.0.0.1 feedback.windows.com 127.0.0.1 i1.services.social.microsoft.com 127.0.0.1 i1.services.social.microsoft.com.nsatc.net 127.0.0.1 oca.telemetry.microsoft.com 127.0.0.1 oca.telemetry.microsoft.com.nsatc.net 127.0.0.1 pre.footprintpredict.com 127.0.0.1 redir.metaservices.microsoft.com 127.0.0.1 reports.wes.df.telemetry.microsoft.com 127.0.0.1 services.wes.df.telemetry.microsoft.com 127.0.0.1 settings-sandbox.data.microsoft.com 127.0.0.1 sls.update.microsoft.com.akadns.net 127.0.0.1 sqm.df.telemetry.microsoft.com 127.0.0.1 sqm.telemetry.microsoft.com 127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net 127.0.0.1 statsfe1.ws.microsoft.com 127.0.0.1 statsfe2.update.microsoft.com.akadns.net 127.0.0.1 statsfe2.ws.microsoft.com There are 14 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.) Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] () Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] () Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] () Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] () Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.) 
Task: {BD167EBE-9142-4D67-A1BA-B3D5A4DE701B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
[{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query 
User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe 
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe FirewallRules: 
[{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe 
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) 
M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe FirewallRules: [UDP Query 
User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] 
=> (Block) F:\Games\Act of Aggression\unins000.exe FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{4577AF07-B811-4769-A76F-D5E1CBE67F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5C817070-8E84-46F7-9C27-89795EFF21A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{2B8D7556-880E-42A2-836B-CB23F598688A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E2C39B42-2952-4551-951E-4C987C9585C7}] => 
(Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: WeOnlyDo Network Adapter 2.5 Description: WeOnlyDo Network Adapter 2.5 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: WeOnlyDo Network Provider Service: wod0205 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/29/2015 01:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: aac Startzeit: 01d0faaa67fc6840 Endzeit: 12 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: b194b1ce-669d-11e5-82c1-0015833d0a57 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/29/2015 01:31:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: fa8 Startzeit: 01d0faaa1dc9cc8a Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a5768fe1-669d-11e5-82c1-0015833d0a57 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/29/2015 01:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (09/27/2015 11:51:19 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/27/2015 11:41:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 System errors: ============= Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Client for NFS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MSI_LiveUpdate_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MSI_ECOSERVICE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MSIDDR_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MSICTL_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Logitech Gaming Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GlassWire Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-09-27 04:31:06.038 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-07-11 02:34:41.736 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-06-15 21:34:14.261 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-03-25 01:39:52.738 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-10 15:21:43.872 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-11-29 21:40:08.346 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-29 21:39:57.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-31 12:45:17.155 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-31 12:45:08.818 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-02 22:09:44.251 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz Percentage of memory in use: 31% Total physical RAM: 32716.61 MB Available physical RAM: 22480.84 MB Total Virtual: 36812.61 MB Available Virtual: 26289.66 MB ==================== Drives ================================ Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.98 GB) exFAT Drive c: () (Fixed) (Total:111.45 GB) (Free:32.04 GB) NTFS Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:53.51 GB) NTFS Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:53.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80) Partition 1: (Not Active) - (Size=1863 GB) - (Type=06) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271) Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
30.09.2015, 14:20 | #10 |
/// the machine /// TB trainer | Win 8.1: Caught a trojan
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page
No help via PM! |