
Log analysis and evaluation: Infection with locked trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

06.06.2012, 22:14   #1
Hypocrite666
 

Hello everyone,
this morning the encryption trojan became active on my machine. I noticed it when various programs would no longer start. While troubleshooting, I then noticed the lovely "locked-" files. Although it was apparently only active for about 12 minutes before MSE put it into quarantine, it encrypted over 50,000 files, which I was nevertheless able to restore with the decrypter tool. The OTL log files follow:

OTL.txt:

OTL logfile created on: 06.06.2012 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free
15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.06 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.29 13:45:40 | 001,626,952 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.03.20 00:58:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe


========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.19 16:42:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.06 02:47:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 00:06:48 | 003,280,208 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.22 15:59:00 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.03 19:57:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.01 15:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.08.24 19:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/20 10:54:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.05.10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF DA FE E7 F4 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {5E0392FD-BFF4-4931-AFF0-2B13B19635EC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E0392FD-BFF4-4931-AFF0-2B13B19635EC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 19:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.20 01:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 16:20:44 | 000,000,000 | ---D | M]

[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.05.20 01:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions
[2011.04.07 11:20:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011.05.26 11:02:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{ff0981f1-9827-44a3-88cd-e760430793c9}
[2011.08.09 12:16:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\DeviceDetection@logitech.com
[2011.08.05 22:26:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\https-everywhere@eff.org
[2012.05.20 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 10:13:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKCU..\Run: [TVgenial] C:\Program Files (x86)\TVgenial\TVgenial.exe (ARAKON TVgenial Systems GbR)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351D8CE3-E5D2-4ED1-8315-AA4EDD4663F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B4B76D-4E68-4B4E-B387-020CD9EC3264}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.06 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 14:33:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.06 11:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2012.06.05 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
[2012.06.05 18:34:36 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2012.06.05 18:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2012.06.05 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.06.05 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.06.05 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2012.06.01 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.05.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLT
[2012.05.24 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ZinioTabletReader
[2012.05.22 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.09 20:25:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.09 18:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.05.09 18:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.05.09 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.05.09 18:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.06 21:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000UA.job
[2012.06.06 21:51:38 | 000,000,250 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.06.06 21:49:39 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.06 21:06:36 | 000,002,765 | ---- | M] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk
[2012.06.06 21:06:36 | 000,002,759 | ---- | M] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk
[2012.06.06 21:06:36 | 000,002,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk
[2012.06.06 21:04:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 21:01:08 | 000,000,083 | ---- | M] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.06.06 19:10:50 | 001,805,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.06 19:10:50 | 000,774,964 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.06 19:10:50 | 000,716,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.06 19:10:50 | 000,175,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.06 19:10:50 | 000,143,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 19:10:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 19:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 19:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 19:03:11 | 2122,235,903 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 19:03:09 | 000,122,929 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.06 17:54:05 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000Core.job
[2012.06.06 11:44:50 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2012.06.06 11:43:54 | 000,000,847 | ---- | M] () -- C:\Users\***\locked-.recently-used.xbel.anxj
[2012.06.06 11:43:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00002C3C.LCS.tkfo
[2012.06.06 11:42:24 | 000,000,083 | ---- | M] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.06 11:42:24 | 000,000,011 | ---- | M] () -- C:\ProgramData\locked-.tv6.rntp
[2012.06.05 18:26:31 | 1805,090,816 | ---- | M] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:26:31 | 000,004,316 | ---- | M] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:21:54 | 2578,579,455 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.04 17:33:35 | 000,000,040 | ---- | M] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:10:31 | 000,000,856 | ---- | M] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | M] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.09 20:27:07 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.05.09 16:53:32 | 000,357,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.06 21:49:39 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:06:36 | 000,002,765 | ---- | C] () -- C:\Users\Public\Desktop\QuickKontoblatt 2012.lnk
[2012.06.06 21:06:36 | 000,002,759 | ---- | C] () -- C:\Users\Public\Desktop\Quicken DELUXE 2012.lnk
[2012.06.06 21:01:08 | 000,000,083 | ---- | C] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.06.05 18:26:31 | 000,004,316 | ---- | C] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:23:16 | 1805,090,816 | ---- | C] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.05 18:08:36 | 2578,579,455 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 17:54:50 | 000,000,083 | ---- | C] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.04 17:33:35 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:31:40 | 000,000,856 | ---- | C] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | C] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.24 17:03:46 | 000,002,975 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinio Tablet Reader Beta.lnk
[2012.05.22 20:55:33 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.09 20:26:11 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 18:03:35 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 15:58:26 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.12.22 15:58:26 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.12.11 05:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.11 05:03:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.28 11:40:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.01 00:01:25 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.28 23:35:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011.07.27 12:50:24 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2011.07.25 13:51:40 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.06.29 15:24:56 | 000,000,371 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.06.15 21:31:58 | 000,000,011 | ---- | C] () -- C:\ProgramData\locked-.tv6.rntp
[2011.05.14 02:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011.05.09 02:53:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.29 10:43:46 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2011.04.24 00:27:28 | 000,000,062 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.04.17 08:21:56 | 000,000,021 | ---- | C] () -- C:\Windows\Quicken.ini
[2011.04.09 22:03:14 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 23:30:24 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.04.07 23:30:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.04.07 23:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.07 23:30:22 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2011.04.07 23:29:39 | 000,000,250 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.04.07 23:27:07 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.07 23:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011.04.07 13:50:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.07 13:50:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.06 22:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.06 21:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.06 21:43:32 | 001,830,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll

========== LOP Check ==========

[2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono
[2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine
[2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome
[2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard
[2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2012.06.06 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools
[2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD
[2012.04.23 22:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com
[2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy
[2012.05.02 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.06.06 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive
[2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee
[2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio
[2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012
[2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube
[2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3
[2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising
[2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2
[2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4
[2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo
[2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.06 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial
[2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia
[2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer
[2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak
[2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic
[2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2
[2009.07.14 07:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >


extras.txt:

OTL Extras logfile created on: 06.06.2012 21:51:47 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 4,82 Gb Available Physical Memory | 60,51% Memory free
15,94 Gb Paging File | 13,04 Gb Available in Paging File | 81,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 73,05 Gb Free Space | 7,84% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 58,59 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07079019-BAC2-408D-8BE2-0613F94B82DA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08C8B36B-515D-4AEC-B6C9-F33548CEF89F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1A38F24D-438C-472B-88E6-6F8D4A6B6B3C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1F370DF9-FAD4-407C-A33D-5F084AC36979}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F9A2A7A-AFDA-4A4E-88A6-62FC23EB0157}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DAC6330-BA79-41CC-ADD9-83935F7A1C9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{30957B6C-EE69-4F41-86DA-82DD4E3E36FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4321DA8A-C18B-4D43-A244-A9B850B8BE12}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4A9E6A18-D19F-4EFF-9BEB-9108F3320185}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BD71C72-2D6F-4C80-AA7B-E64C9017416D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{556A9AE2-49A0-4AD4-9139-845AD749794E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5843E091-B4D3-4E3F-8BC0-164C9BF1EE40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AF51FC0-F305-431F-8ECD-DD623A1A9537}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5DA53699-BE38-4DC0-A69D-08FDF13E01C8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{623F3DFF-8536-4DDF-B5D8-2F4C68F796FC}" = lport=3333 | protocol=6 | dir=in | name=network caller id |
"{6262B7E5-B5DA-40E1-ABF8-6C1E5360DC01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6344BAB9-3AC9-4848-AD40-8B0A734BA970}" = rport=445 | protocol=6 | dir=out | app=system |
"{6749B654-7187-4D0C-A965-ED4932C6C68E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6ABA42A5-B5BA-45A1-B878-B568C7592DC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72A47412-350B-4E6E-9E1E-1C791561C6ED}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7334FFCF-D383-486D-9019-03FF3105F6A6}" = lport=445 | protocol=6 | dir=in | app=system |
"{99468133-9119-4922-A378-FB0B4470B40C}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D8B3644-034F-4B08-9F00-D447BE477C97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DA1E87B-24DA-4A97-B78A-6B6BB9650B8D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4297212-A50F-49AD-AAA6-93F53CA07633}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA331C79-7D8D-4285-A83E-F496F4D09E31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0121EE2-CF39-4BFE-8B6B-14C854176376}" = rport=138 | protocol=17 | dir=out | app=system |
"{B257455F-1FEE-437E-A0E6-D2CB1D7F25BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE7E4A75-6959-4599-A72D-DE192E0DD36B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEE13D73-AA7F-44D1-9E04-7AEE00B26A34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C089FAB7-71E7-46AD-920B-C7D76535EF83}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C1B16FB1-B9B5-429D-B508-6736F9C325FB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{C4E010E2-C0A7-4F84-A6EC-54C7F119B9EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{CBBCC64A-975D-478B-8EBF-2BDF63C54FB7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D4C9C895-A1FA-4FF0-ACDD-16DEE20DC580}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE05AF0F-96CA-4F1F-B026-A09E1B140F86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E368BB7A-EB39-451D-B5A2-C1D244026BEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F939E50F-FB5A-47AD-B3BE-1F10FB9DE00A}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04ADBA1F-054D-401D-B087-BDE7DE3249AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0525FA8A-B6B5-4C47-BE58-43DDAF05A26F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{05993B37-B41E-4C36-B247-FC9A7AE5F15A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0645547D-CFB5-4348-8FAE-1EF0E4338E9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{07E27360-33CD-4402-BBCF-AB894EEF3547}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{07FD1051-7026-4E8E-90F9-8EF3EA7730E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{099CF369-DEA5-4D03-8199-492200764006}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{09E12737-0FCB-4885-B69B-F02F1E058549}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{09E5888C-5AE6-4BCA-9325-B67E6CE64D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{0A5219A5-9D30-4C9B-9CE4-98616766BB3C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{0ADCE080-F620-46F5-9A25-1AAF92C38270}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0C675F38-A85C-4789-B8DA-9F931BE22B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0C796A86-8925-4974-8E3C-6BE0CE199D26}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed the run limited edition\need for speed the run.exe |
"{10EC6CDB-4DE7-4245-B530-A6C142E00E9F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{11407DE3-13B8-46EE-9917-9286D37053D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia\game.exe |
"{1162D98C-5280-4347-A441-A90B2A1478BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11D10033-B046-4624-B106-14CFF7FB4C45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{11FD4058-1C54-4209-8C4C-8BF13A4D6EDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{12470128-3837-4775-A030-8E3557F5BFD4}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2\dragonage2launcher.exe |
"{12844895-7DFD-401B-A507-18F0892920F6}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed™ undercover\nfs.exe |
"{135B0A2E-8404-475A-A121-EC1419B6C33D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{141CDC0D-25ED-4465-B9A2-5081A3541075}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver parallel lines\driverparallellines.exe |
"{14E7EA8E-EAB7-4B75-A64D-6DC46B6FFE82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{150DDEB9-7DBB-4527-9D26-A9ED8B905247}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{1593C7B6-0106-4EC4-B31D-E7AA57B78F73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{164C4E47-6FD9-4C42-9D5E-8C7042839782}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{164FE90D-73BB-4C95-9123-E132F56DE4AD}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2\dragonage2launcher.exe |
"{1712AB36-DA9D-43D0-8A72-76CB718BAA27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{17BB54B6-887D-4A9D-9D18-2617E964E98A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{1888AB9E-19C2-43EC-B857-FEBCCEAB0EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\runawaytdott.exe |
"{18D8DE57-F464-427D-9477-D8D61F4942E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{1A917D5E-8146-458F-8DF8-6B8B15F452F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{1B7221DF-FEE7-4DE7-BD60-FA2CBD939000}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{1BD7B623-D5DF-4240-A3A6-4679D3C48BD7}" = dir=out | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1BDB0691-51D4-4502-B0B4-7127CE393629}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{1C209ED9-4275-4190-84F4-BEB0911B625C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{1C890F70-88BF-4CC5-90C7-0876B998B1AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{1E6507AA-0DFB-491C-A557-E3AC8401EF15}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\masseffectlauncher.exe |
"{1ED31DE8-E8E3-4283-B8AB-4BDFD06E3EAB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{219E2E7A-C2FF-48AE-A0CD-B8486800BD67}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect 3\binaries\win32\masseffect3.exe |
"{22F226AC-7CAA-4A70-A1BB-0E2593F0AF45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver parallel lines\driverparallellines.exe |
"{23FA060C-C421-47E8-A29D-DB4E28E2E9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
"{27251798-0761-42C8-8390-ED37C3CDC8FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{27C2AA02-979D-40C7-A998-D8B88B9E8AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\runawaytdott.exe |
"{29EBAC88-A5AF-4B4B-BE20-905590270885}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A28412B-7473-4CC2-B605-40E2B4204991}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 3\bstsd.exe |
"{2A2B39AA-4E89-4BB0-BCBC-DA16DB162026}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{2AC9DF9F-6DC9-4CE9-9291-8949F087D3AE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2ACDACF4-F219-4CBB-A038-1F3DCE73E237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{2CB80525-0947-43E4-9A40-81B1C1910F0E}" = dir=out | app=%programfiles% (x86)\kalypso media\port royale 3\appdata.exe |
"{2D99E0AE-5DDE-4835-BC34-32F35CC247ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
"{2F33FA62-F41D-4BCA-9A46-7F6214471426}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\fifa soccer 12\game\fifa.exe |
"{2FAD90F3-580F-4F6A-B636-A125653B9EAC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3060B90D-D667-463A-ADE6-A07BDD40278C}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{30DF4119-4EB3-41D1-AE80-2114757C44EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{316AE8BE-2152-4198-BDE0-CD59725650DE}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{32671100-BFB0-49F9-B6F9-C1EFAE4115F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{3373A350-9F4E-4CFC-8804-87C2AC5C9CAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{34610804-991F-4C3E-B23B-FED8BF1973B3}" = dir=in | app=%programfiles% (x86)\kalypso media\port royale 3\appdata.exe |
"{355C5BB7-EC98-4006-B626-25454721524D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{36F682D9-25E8-4BE4-AEE5-AEDB2DE0442B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{37136F2B-2037-441E-BA54-1D169789B3C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{391EEC7F-C63D-4C88-90AB-A77702AE5D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\packetvideo\twonkybeam\tmslite\tms-beam.exe |
"{3A1C45DC-6486-4EAD-BE19-14267627B805}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{3A31BB95-6394-4414-9578-EBE973EB150E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{3A847941-7FC4-45AE-A4B0-EA552A60B82D}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed™ undercover\nfs.exe |
"{3B5931A7-F0B7-41F8-91D9-72883878BBAB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{3B73D5F8-B18C-434A-82FF-AD45B23F73DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{3C032F4B-655A-4A9A-BD03-60D730DB52D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{3C2CD206-5BFD-4A5B-B4C2-1484D1236816}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{3D0E8693-37D2-4796-9B57-D423ABAFA74D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 3\bstsd.exe |
"{3D810912-FC51-4F7B-98ED-0553A2CE225D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3F585BC1-BB00-41F6-8A07-FD5E401C4E3E}" = dir=in | app=c:\program files (x86)\kalypso media\port royale 3\portroyale3.exe |
"{4003D9B2-938A-41F4-9B4E-0659A00673CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{405EA4E4-DA51-4237-BC21-E5FFC0C74088}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe |
"{42F3C16B-1961-4788-A07D-EF60A8940A38}" = dir=in | app=d:\spiele\electronic arts\command & conquer 3 kane's wrath\retailexe\1.2\cnc3ep1.dat |
"{43047640-C09E-43C9-A9F3-200799D0E4BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{43472933-6F8A-4CDA-BE66-8D6679CD1C30}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{44D88226-BA0D-49BA-BE66-4CC4533F59A3}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect 3\binaries\win32\masseffect3.exe |
"{45B886E1-CFA9-4A9F-A71E-F303B884A0F9}" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt 3\dirt3_game.exe |
"{45F29B69-AD57-4913-9172-B295D509F33F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{471982BB-CACB-4823-B574-6D4C6A188701}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{476F5E53-3376-4B71-80D1-3C1D90B1F559}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{48C03F16-7EA5-4A71-A5A2-99BE17AAFA30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 2\brokensword.bat |
"{4923689B-E19C-4E81-ABCB-7BC1B19422D8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4961B935-6CFF-4C45-A8EA-79ADA9A4E3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{4AB68D1C-CC19-4712-A851-74FC7B206CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt\dirt.exe |
"{4C489DC8-03CB-4AFF-9CC9-C728F0425591}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe |
"{4C973D36-F89E-48B1-A1F7-F9C0417995CF}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed the run limited edition\need for speed the run.exe |
"{4D2C3CCD-FB74-4FE6-B459-E9FC98C8473B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia 2\game.exe |
"{4D632E11-E404-4512-BB92-4FBBAECA3D41}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\eflc\launcheflc.exe |
"{4E460486-E7B9-4391-8376-8A7B8599C60A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{52F4DAB4-401D-4C9A-9F37-9AE83CD789A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{53367FC4-887C-4955-B11E-4919D370681F}" = protocol=17 | dir=in | app=d:\spiele\disney interactive studios\split second\splitsecond.exe |
"{55B77324-0262-4CCA-8F12-9F3DABDDB655}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe |
"{56B05415-504B-4231-8EC1-E2F1B79D2955}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{5ADC8666-2B8F-4FF7-A80A-1D0ECA7557D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B41B688-1863-47EB-B628-800F9E992709}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\eflc\launcheflc.exe |
"{5F982D77-288C-46C3-B15F-DD77E9638AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{615B5D12-90FC-4187-AFDD-F2035C424523}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\fifa soccer 12\game\fifa.exe |
"{62B538B3-63D6-493B-AC76-917996B595E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63590C2E-B45B-4B45-9E45-6E84ED50D856}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2011\f1_2011.exe |
"{635BB72D-AD80-4873-8000-7FBEA8981DAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{688816DF-8BDC-4DAC-90A8-DCD0310E8A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{6972E647-D906-45C9-AFF5-52AB9064B635}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{6D333D5F-5AF7-4666-BB95-4C17DBF13A03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |
"{6DBEB15B-B7A5-4147-B38C-B07D855D076C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe |
"{6DC66949-95DA-4F69-9566-CDA40D52053B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E0B9818-653E-4817-BD6A-C73712396091}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{6EE0607B-EB92-44B4-8F5D-284C002A81FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{70935B4B-7045-4190-9F64-B34963AE9587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe |
"{717FA88B-1371-4887-BE5B-F71DBD841F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{728E6038-57C1-4793-8D94-C8A318FA92D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia 2\game.exe |
"{74A285F2-B178-4A39-9D08-BD9186A7D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\launcher.exe |
"{75810FC5-7FE6-431A-A62E-3871BEC0D31D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt showdown demo\showdown_demo.exe |
"{75ED039A-8806-4018-B40D-F127783123A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{761F2DCE-4978-45C8-931F-A5613DD462BA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{761F8662-42FB-4257-9819-1AB7AC7F3D27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{77CD4E3B-FA46-4DB2-B9E0-5BE7F3445EAE}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{79C08357-682A-4B9B-B7B8-CBA77BD0CE8A}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\binaries\masseffect.exe |
"{7A184AFE-4F31-4D46-847D-C0D7614A339E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |
"{7A7229CB-1493-46B7-90B1-AF6B0F3B6A30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7AAF2A73-F880-49DA-AD53-3B7B1C2E22BC}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{7ABA8879-E537-4D10-8C7A-47F65CB95A60}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{7B29C6E5-32D3-4063-810B-4B8E5ACB48C4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E818D6E-3796-4897-AC12-B3CE2DFEA16E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{809A0939-5F91-4BB3-AFF5-769CB4055A00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{80BE146A-CEF2-4B32-B413-316C4ED3FB8B}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{813A7159-7047-4F45-9FED-151ABAC63C92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{81E9DE97-B87A-4F04-BB17-CC5BD3A8DBC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{825E8ADC-3D39-4801-8732-4422B2ED5B46}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{831317EC-567D-4816-9626-B87FD10321A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{831DC34C-B378-48D8-A7CB-3CCB9D051996}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{838C207A-9479-40C5-BF48-BAC6D120A8FB}" = dir=in | app=d:\spiele\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{86A0C8D3-9153-42A3-A6A7-88127DEBBD14}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{8789D27E-3E2F-4386-B9FF-32D23117E6EA}" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt 3\dirt3_game.exe |
"{8862F014-E49A-4729-BF77-C8619803E33C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\video card setup.exe |
"{89AF12D7-BC60-4453-9824-FB9C8896FB85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{8A3D87CB-5FD1-4956-8788-211AB854ACCF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{8AA34C69-4F02-447A-948D-2C8BA38CD01D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8C6629E1-F745-4115-B3E6-7409A5254A90}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{931EE64C-E8F3-4C98-972E-F4DF7A7592DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{940D3F3C-9418-493B-905A-48718AF27148}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{95B6E9A8-43A6-465A-BA1F-2E5E0258901A}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{95E12FE0-04EC-46D7-A24B-DFC6EAA986BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{96EA3626-2D09-4BE4-8C54-D0D72180935F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{97C0E2DA-F4F5-405B-B95E-7975CE5FFEAC}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\masseffectlauncher.exe |
"{97C86014-CE45-4900-BA93-FA7D75E03715}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\video card setup.exe |
"{981D9147-4799-4FD7-B4C4-51851A27444A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\broken sword 2\brokensword.bat |
"{99C41CC2-6B76-44ED-A52C-B0CAC4DD2A71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{9AF7EB69-B437-49AC-991A-79BF19D74A2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{9E660286-E229-4973-90E7-2B560C083622}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{A1A11357-2EC2-4D66-B809-4C533C6FD58C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A21FFCF0-1396-4A5E-B1BA-F66DAF4F31EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{A2731423-30E4-4FF7-8AB4-6E689512C273}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe |
"{A293111A-2AFC-4EF2-9E58-36BC651F3317}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A2DFCFA8-F8CC-47C6-B897-6C59A8BB771B}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\mass effect(tm)\binaries\masseffect.exe |
"{A35ED826-0627-41C5-995E-E8EA575988CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3BB10F3-1F93-4000-8E13-FC776054C107}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{A3C2203C-F31A-43E8-BC2A-CBC9842042F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe |
"{A6029BA6-CBAD-4AEA-B203-B49D2FE71460}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A6926B6E-A976-4E12-84C9-2D26AC39A8F9}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2\bin_ship\dragonage2.exe |
"{A75A9622-4045-4BBF-BB55-80C1A10191E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\runaway.exe |
"{A954F3D6-506A-407B-830E-627239187971}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{AA673FD2-6297-4614-8A5D-56D825BBB82A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{AB15EC6C-7123-434E-AC48-B2ECAD36038B}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{AEF87C11-4FA6-4B82-8BE4-6DD77439E481}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{AF398751-F3D2-4F50-B693-7CB88F99EC6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{AF621AA8-E119-4822-B798-621D0E730C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AF64518B-DD17-4271-8B81-B7E0A8F64D44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFC21CE0-506F-4C7E-A314-BE80A82C884D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\video card setup.exe |
"{AFCE65D1-19E2-47EB-9287-696A74BD9D04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe |
"{B3981839-C97E-411B-AEF4-2177056A103E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B4DB546D-1692-4A6C-903F-ABFA1FD2EB0E}" = dir=out | app=%programfiles% (x86)\kalypso media\port royale 3\portroyale3.exe |
"{B5B6327B-B87D-4D36-85E1-2CBCB15F1A65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\testapp.exe |
"{B6E3D35F-D9E6-47A5-B58D-8DD76DEEE044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8EF3ED1-93F1-4EBB-84D1-2D4EC9E20F4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9183AD3-940B-49BE-96F2-381FC4A62836}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{B936A981-BDBC-4780-A4FC-3CEBDB35CC9C}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning demo\reckoningdemo.exe |
"{B991BF38-D609-448A-9074-E44A29B6C79A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{BA6654FF-448C-4A4D-BDBC-A8B15D0A58B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 2070\anno5.exe |
"{BB8D3DFB-BC0B-4787-A6D9-452FE296A9DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{BBA4506A-78A5-4913-836B-7260D281FF70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BBDE134F-21C4-4823-B60F-EF1F1C8A8C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{BC173678-1E9A-4F73-95EE-C0579A4360A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{BC6DB606-D16E-4BCF-8E36-E77801A8F1D3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 2\dirt2.exe |
"{BEB2D249-7A34-4AF0-9340-29693F25983E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the guild 2 renaissance\guildii.exe |
"{BF879B39-AD64-4C32-9C4F-BF3F7E2D8415}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat |
"{BFF439AA-AFA9-4F19-B450-68EA10EAFA29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{C1234128-62BA-4B34-8F47-6035829F3011}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{C1D68001-E69E-4AE6-906C-FF9AD7BD3D61}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe |
"{C620627F-D63A-440B-89A1-722CD0BD10BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{C676D494-D493-4319-AF6D-7D3A10E85A0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6E39A19-2B15-4EB2-BBFB-4E4A540B9E26}" = dir=in | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{CB01C104-6AE2-4236-B872-E3B4681FB142}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{CBECF99C-0BEE-4B1A-A378-BBE58895A64C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE20EAA4-FBD1-4D05-A2A4-F0F53A080186}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2011\f1_2011.exe |
"{CE3CA614-FB2C-413F-BD30-98D11D647202}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{CE90D3FB-EFE2-4D7C-B0F0-2ABD43A93176}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
"{CFDCA182-E586-4B5A-B164-CA054ED4CD88}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{D26FF957-AE43-4C74-B887-4767F8451EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway a road adventure\runaway.exe |
"{D29EF0AD-9241-4E4B-8A80-125E48642F28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{D323CE74-60C0-4EE0-9456-5EC503C90367}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\max payne 3\playmaxpayne3.exe |
"{D46969FA-1FB8-42DD-B4A8-C5A1882D633B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{D620F3D0-C926-453D-99ED-A545D8A8C022}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D67C0D63-C9B1-4170-8204-4A90CA3BFD4F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D93DCCB4-2079-48B5-92E7-9C176B6BFB4D}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{D95788F1-FF67-4826-8D4D-B3D732EDD6AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{D9A961A9-4D22-4269-BDA7-A2837A8B64DA}" = protocol=6 | dir=out | app=system |
"{DA5DF1DC-B08D-4508-8B61-3A2BF3F68B3B}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\max payne 3\playmaxpayne3.exe |
"{DB9E9803-A32D-4378-9668-F714B6CB2997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{DBC9C2D7-940B-4ECD-B752-02A6B513DE7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{DBD1FD71-FC4A-45F5-8655-9B89573F8F11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{DBEE98A7-F1B4-43B2-8622-23F71AED79FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat |
"{DC825FB0-15A8-4E7C-AE3E-8DBA7DD2F4A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\uplauncher.exe |
"{DD06856D-CB43-422F-82A7-5C107F10D446}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{DDD2704F-6E13-408D-8C9C-2B48AE00605F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe |
"{DDDF5673-BF4E-4303-B16D-948069D2145A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
"{DFCD464A-A4F2-4345-9670-6207EA2A84B5}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2\bin_ship\dragonage2.exe |
"{E040034B-F196-457D-A343-31569849F05F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{E13B089E-352B-4D93-B92A-ACF199382029}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{E17D2E29-1D7E-4722-B4CC-BE868403ED73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{E240FB7F-8A77-4B9C-9B95-E127717188E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |
"{E31C178A-3D3D-43ED-9A79-ACD01ED01ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{E464EAC7-AD8A-4DA8-B2BF-BA2EF81FB5D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{E4663410-483C-4585-A3C5-294579128617}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monkey2\monkey2.exe |
"{E5F105ED-DF90-432C-9B9C-152C9391C425}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8C08C8D-196F-4B50-A578-5B0DAE83B171}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E8F3A4B0-B554-4823-9B18-3E4227E8AAE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |
"{EAEAFA43-B303-4CAC-A801-30E1C2D26F37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia\game.exe |
"{EC1A5427-A442-4385-B85E-839E524A74CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECFB9F36-5221-40B6-AB09-79535255FDFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{ED05D442-C672-4FCC-AB1E-5B8DE9E4CFA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{EF519410-0F02-479C-84AB-FFC3B79A1826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{F14C2D0D-023F-4B98-87F2-38ABAD11A582}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\testapp.exe |
"{F286D02C-CB44-4EF2-A286-FB3451931131}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{F31831E3-0ADB-4EF9-9635-DD000023A72F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{F3D491CA-6699-48B2-8A1D-9405E3AAED0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{F49783DE-00C0-4ED0-B923-A7593C4B46CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\virtua tennis 4\vt4.exe |
"{F4CF2523-8AA5-491B-AA88-056AF3F03569}" = protocol=6 | dir=in | app=d:\spiele\disney interactive studios\split second\splitsecond.exe |
"{F4ECE582-4506-4FCD-B6F5-39197285F60C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\runaway the dream of the turtle\video card setup.exe |
"{F6124DAA-AE49-44B2-98D4-56048AD68285}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F6445840-2C68-41CD-A1BA-9AE19711E40F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\driver san francisco\driver.exe |
"{F73C549C-F32F-447F-A775-BD5CB4C19EC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{F7505251-2AAA-4AAF-8019-79B897A1FAA5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F7E314B3-7BDC-4A62-93EE-3727D5629704}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe |
"{F93A4B25-D5B3-4481-9C30-0A32FC5159DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe |
"{FA3B318E-DEC1-4787-B42D-C7CA1CECD611}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\from dust\from_dust.exe |
"{FA401A7C-1105-410C-B68E-B363E4607811}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\syberia\game.exe |
"{FB090C11-2BC9-43D1-9D02-84F56155BE9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{FC278A29-A879-48B6-A4E4-8370D13B25E2}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe |
"{FC565523-C3C5-4668-8ED9-8B3D15B10CBC}" = protocol=17 | dir=in | app=c:\program files (x86)\packetvideo\twonkybeam\tmslite\tms-beam.exe |
"{FE4DECAE-F6BD-4395-99FD-1ADF9B0B54F6}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe |
"{FF0D9EC2-1642-4988-BD8F-38C1B81B2EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe |
"{FF4AC1FC-C051-4D63-9A3E-22DB474904A1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{FF4D97F9-C97D-4B26-BA49-778A8BC74960}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"TCP Query User{000D9CA1-50F4-42F0-9704-93C695A0C7A4}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{0DAE883B-52B0-4507-9E60-7E6B0B1B31C3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{0FD6E3E2-C617-4AA9-999D-EF2DA8E12DF9}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe |
"TCP Query User{3019FBB9-DE2B-4335-9860-F0C01266E227}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe |
"TCP Query User{304FC0F1-D61F-4E9F-88B4-02FBFBAEDE58}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{3439DE0D-71F8-44DC-892F-C9772E63B973}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3B3C0A6F-08A5-4C53-80CD-6C7E538B9E10}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe |
"TCP Query User{3BA549E6-DD8B-4180-9FA5-3B28579C6410}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{3CF9F3E0-261F-4C26-B042-D6AD5535437E}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"TCP Query User{3F66CD30-CEDB-421F-AC15-0817CE767024}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe |
"TCP Query User{40032EBF-2649-4F28-B812-EAFE7D1F47C7}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"TCP Query User{4F8C9926-A06C-40F8-8A1C-F2A0CF8C8983}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe |
"TCP Query User{5B19A9C7-D3C6-4172-AC15-D1B3DA4D14D9}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe |
"TCP Query User{5B59C28C-2072-45F3-8268-B7B0A44718E6}C:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe |
"TCP Query User{63D95FBB-4170-43D0-8C02-43E5FFC410F1}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{69223C06-CB8F-4099-A8ED-4200584D1EDE}C:\ruby\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby\bin\ruby.exe |
"TCP Query User{7E1EA468-146A-492F-89A1-352E35DD3606}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe |
"TCP Query User{832921BC-E7EB-494D-93D3-12CE1E92C345}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe |
"TCP Query User{882CF7C5-4BC5-4FDA-8295-AF5E9FF6C549}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{8979AB65-0EC5-46A8-999D-6A181E84B99B}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe |
"TCP Query User{8DA3B70A-5F35-4296-9F07-E1075C43AA03}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{8F10B101-6831-4B5C-B401-1D066099D02E}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{942FFE9E-1944-4805-8A76-0900DA76B229}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{9D3ED476-2725-4F85-9694-122CE5EF0CF7}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe |
"TCP Query User{A15DF8CC-6D25-425C-90AA-45A335C5828C}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{A49CC675-0EB8-4E5B-A2F4-442E4821377A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A58ECADF-2AA8-44C4-976E-505CA3B71963}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{B14A4824-A0E2-4DBD-8436-16B1FFD6E08F}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"TCP Query User{B1E898D1-D4D3-4A91-BB50-20B8F70DAFC9}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{B1FC11DD-1993-466B-A2EA-BB50665F0F0E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B540861D-ED74-4C89-9B7F-8CCA5D8E3FAB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{BFA87DB6-AF59-4442-83BA-7CB596088DA9}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{C1F042D0-649C-41B1-873E-FF02A5C11C17}C:\program files (x86)\songbird\songbird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\songbird\songbird.exe |
"TCP Query User{C87621CC-31D4-49A0-A7F5-CD4EF2FEB475}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe |
"TCP Query User{D402CD40-CA2E-4453-926C-A38DF1021C5D}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
"TCP Query User{E99C5246-4F3D-4F50-82AC-1C59DA35F0F9}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{ED93032C-4AEF-4850-81C1-37F0EEBCB775}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{EE5C55F2-32F8-4D8D-B551-AFBB8E6C01AD}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe |
"TCP Query User{F40CD599-028C-4824-82E7-11B6372C2348}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{085C8C6F-D791-4E8D-AA75-31E97920F53E}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{0A960B60-B5D5-40FC-A04D-C6A2C7CD762F}D:\spiele\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{18D8AB71-8AD4-4BE3-B602-BD5B0CBEC596}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1C868784-E21D-4D8C-A0DA-9C1370D5AC81}C:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe |
"UDP Query User{2B2C17A5-0435-4740-A8A6-56239A70E979}D:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{3264D148-00FB-467C-98D9-55766283EAB1}C:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\test drive unlimited 2\testdrive2.exe |
"UDP Query User{384E24B0-3C74-42FC-892F-69FA07E015C6}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe |
"UDP Query User{3DD9DBA4-2B74-4E75-AE2D-34531712D980}C:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbmp.exe |
"UDP Query User{4043920A-600C-4468-9DA6-E79FA320B2B8}D:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\spiele\the witcher 2 enhanced edition\bin\witcher2.exe |
"UDP Query User{40DA1DD9-E312-4741-8CD4-47BACFB053AE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4307064A-6D85-46A1-8CA5-6403B0B69D8A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4C78812C-7D18-4BD4-B277-85F8C0A4DEC6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{5B25499A-25CE-45A4-BE22-EF17046EBE15}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5BC1F0C0-EF59-4361-937C-29F8A32281D2}D:\spiele\ubisoft\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrpr.exe |
"UDP Query User{62028CCA-6228-450C-856A-F89371CBA1C7}C:\program files (x86)\songbird\songbird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\songbird\songbird.exe |
"UDP Query User{67FAA403-A522-4E69-A49E-6226BB5B4874}D:\spiele\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\eflc\eflc.exe |
"UDP Query User{7079FFCB-BC7E-43DC-A12C-23DB8F7204C4}C:\ruby\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby\bin\ruby.exe |
"UDP Query User{86A83B15-46FD-4799-BB39-8AAE15F4391A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{898ED02E-E04B-43ED-AB34-795FC80A86A5}C:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkybeam\tmslite\tms-beam.exe |
"UDP Query User{8FB4F0F5-6B8E-4619-A511-74236F02ED55}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{9F49B3B8-894C-47A1-A00C-ABD45251A32A}D:\spiele\electronic arts\need for speed(tm) shift\shift.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) shift\shift.exe |
"UDP Query User{A149E5DB-B4DF-4FEE-B7C2-C63D4A2C32DD}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{A7D193C6-08D5-4F91-9473-55A455ADA7CD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{AA23AE06-0396-406E-9F69-D79AD5BE2B1F}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{AB0DC069-042D-41DB-B60D-B6985F34A4D3}C:\program files (x86)\msi\live update 5\lu5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\msi\live update 5\lu5.exe |
"UDP Query User{B8E9AAC8-21B1-4B7C-AC0B-97CE4B807C52}D:\spiele\renegade x black dawn\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\spiele\renegade x black dawn\binaries\win32\udk.exe |
"UDP Query User{BA48FA34-1182-42C0-956F-2DBA6E50D5A6}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
"UDP Query User{BA66B97C-A93A-4B7C-857A-34AF9D748F6A}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{C0178890-7F72-4FD5-B64C-40F97760ABCA}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{C9B6733F-F770-495C-B0A8-48E7FA6B61BC}C:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkyrenderer.exe |
"UDP Query User{CABB1D7F-1287-4828-9F42-87EE438FDE89}C:\program files (x86)\twonky\twonkymanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkymanager\twonkymanager.exe |
"UDP Query User{CC31FB8D-670E-4F5C-AEDF-D20523994351}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{D84BEDCC-AA3D-400D-8062-C9D5469191D2}D:\spiele\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{D86DDAE0-08A5-414C-9F08-954D9EBDB152}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{E65B0E4D-8946-4585-AB39-9910C70FCD1C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E927AC7D-4EA0-4015-9889-AFFEC858C7CD}C:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd.exe |
"UDP Query User{EA185ACA-CC31-48B0-8920-E9C70E1B6E02}D:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{F0518E07-8581-4B23-99EF-7277A50B4C40}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe |
"UDP Query User{F09D5FA8-88D3-4AE4-9F10-78D637D0D425}C:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\quantum of solace\jb_liveengine_s.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-1a471f6e-c50d-494a-a882-bedeb3d55b0d" = Renegade X Black Dawn
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}" = Mass Effect
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{281EBDB4-E1DC-48AD-AA21-1F18BC22C49E}" = Brother HL-2140
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2C87389F-F0B3-4F7B-BCDD-96E3571AECD4}" = Zinio Tablet Reader
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken DELUXE 2012
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.0.25
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{698B7D8B-0F43-4A19-8B9B-47F1EFEB858F}_is1" = ControlCenter
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}" = GO Contact Sync Mod
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B02A7816-AA3D-4BCB-9FEC-3ED4D5CC6E5C}" = Royal Skat
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C3A3F865-CB15-4218-89CF-B23DA3FD1E42}_is1" = A Stroke Of Fate. Operation Valkyrie
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DB451A33-A351-4936-83E2-08B424445766}" = Qw Update
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BF6182-0310-49C2-A926-8A75516337F3}_is1" = Pole Position 2012 Version 1.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E8828ACA-EB7B-4412-856D-E79318840919}" = MusicBee
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F66CEEED-256F-4DD6-9AD9-50ECF89CB286}" = ncid.Net 2.7.21
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"33B31D6D-7EFB-45A3-AC50-4DAF98042443_is1" = The Book Of Unwritten Tales: Die Vieh Chroniken Version 1.2
"Adobe AIR" = Adobe AIR
"Alan Wake_is1" = Alan Wake
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ArtMoney PRO_is1" = ArtMoney PRO v7.38
"Captain Morgane1.0" = Captain Morgane
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Downloader" = Downloader
"eMule" = eMule
"ESN Sonar-0.70.4" = ESN Sonar
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Gabriel Knight - Sins of the Fathers_is1" = Gabriel Knight - Sins of the Fathers
"Gabriel Knight 2 - The Beast Within_is1" = Gabriel Knight 2 - The Beast Within
"Gabriel Knight 3 - Blood of the Sacred, Blood of~B6A61117_is1" = Gabriel Knight 3 - Blood of the Sacred, Blood of the Damned
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Calendar Sync" = Google Calendar Sync
"HackerEvolutionDuality" = Hacker Evolution Duality(remove only)
"Haunted_is1" = Haunted
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"JDownloader" = JDownloader
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
"Law and Order - Legacies" = Law and Order - Legacies
"Lost Chronicles of Zerzura_is1" = Lost Chronicles of Zerzura
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.9.48
"MKVToolNix" = MKVToolNix 5.3.0
"Mozart, Das letzte Geheimnis…_is1" = MOZART de 1.0
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49b
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"nbi-glassfish-mod-3.0.1.22.0" = GlassFish Server Open Source Edition 3.0.1
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Puzzle Agent 2" = Puzzle Agent 2
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sniper Elite V2_is1" = Sniper Elite V2
"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)
"Steam App 10080" = Quantum of Solace
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 107100" = Bastion
"Steam App 11440" = DiRT
"Steam App 12750" = GRID
"Steam App 17470" = Dead Space
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 207270" = DiRT Showdown Demo
"Steam App 20930" = The Witcher 2: Bonus Content
"Steam App 21780" = Driver: Parallel Lines
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 22885" = Dragon Age: Origins - Ultimate - Prima Official Strategy Guide
"Steam App 22896" = Tropico 4: Prima Official Strategy Guide
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 33440" = Driver San Francisco
"Steam App 33460" = From Dust
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 39160" = Dungeon Siege III
"Steam App 42640" = Blur
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 46500" = Syberia
"Steam App 46510" = Syberia 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 48000" = LIMBO
"Steam App 48240" = Anno 2070
"Steam App 55110" = Red Faction: Armageddon
"Steam App 57400" = Batman: Arkham City™
"Steam App 57690" = Tropico 4
"Steam App 6860" = Hitman: Blood Money
"Steam App 71390" = Virtua Tennis 4
"Steam App 7210" = Runaway: A Road Adventure
"Steam App 7220" = Runaway: The Dream of the Turtle
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8930" = Sid Meier's Civilization V
"Tatort London 2" = Tatort London 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Rockin' Dead" = The Rockin' Dead
"The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"TVgenial" = TVgenial 4.10
"TwonkyManager" = TwonkyManager
"uTorrent" = µTorrent
"Video Strip Poker Supreme" = Video Strip Poker Supreme
"VLC media player" = VLC media player 2.0.1
"webmmf" = WebM Media Foundation Components
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"xp-AntiSpy" = xp-AntiSpy 3.97-11
"Yesterday (de)" = Der Fall John Yesterday (Deutsch)
"Zinio Reader" = Zinio Reader
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 08.06.2012, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
First, please run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Alt 08.06.2012, 21:16   #3
Hypocrite666
 

Here are the two logs, although the one from ESET probably doesn't quite meet expectations...

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: COMPUTER677 [Administrator]

Schutz: Aktiviert

08.06.2012 15:55:35
mbam-log-2012-06-08 (15-55-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 871320
Laufzeit: 1 Stunde(n), 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
         
And another log from my first scan:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: COMPUTER677 [Administrator]

Schutz: Aktiviert

06.06.2012 14:36:37
mbam-log-2012-06-06 (14-36-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 877732
Laufzeit: 1 Stunde(n), 52 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|363CE251 (Trojan.Ransom) -> Daten: C:\Users\***\AppData\Roaming\Rprmdwdo\4AECC10A363CE25178AE.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\***\AppData\Roaming\Rprmdwdo\4AECC10A363CE25178AE.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Steam\SteamApps\common\mafia\nmss.mafia1.3trnr.exe (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\3a622bd4-4557fc13 (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 08.06.2012, 21:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
C:\Program Files (x86)\Steam\SteamApps\common\mafia\nmss.mafia1.3trnr.exe
Keep your hands off that kind of crap!

You probably did ESET wrong; there was a big notice about that specifically:

Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 09.06.2012, 01:24   #5
Hypocrite666
 

Damn, I had started Chrome as admin, but since it didn't work there I used IE and then forgot to start that as admin. Well, it worked the second time.
Is the trainer really dangerous? I assumed it was a game hack like a thousand others.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-08 11:18:25
# local_time=2012-06-09 01:18:25 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 37057990 90813306 0 0
# compatibility_mode=8192 67108863 100 0 15479 15479 0 0
# scanned=655288
# found=6
# cleaned=0
# scan_time=14049

C:\Program Files (x86)\Steam\SteamApps\hypocrite666\bloody good time\bin\unitlib.dll	probably a variant of Win32/TrojanDownloader.Agent.ISBBRGK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8WUYDWE\advlive_biz[1].htm	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D8WUYDWE\legitonlinejobs_com[1].htm	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\67200140-56d36bb7	Java/Exploit.Agent.NBW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-1539eb6a	a variant of Java/Agent.DM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3bea1ec7-566f8acc	multiple threats (unable to clean)	00000000000000000000000000000000	I
         


Alt 09.06.2012, 23:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Trainers are generally an unnecessary risk; I have often seen infected ones.

I have two questions before we continue:

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Alt 10.06.2012, 00:03   #7
Hypocrite666
 

Everything seems to be running; I haven't had any problems since the restore, and the icons are all there too.

Alt 10.06.2012, 01:33   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, the box is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 10.06.2012, 10:05   #9
Hypocrite666
 

OTL Logfile:
Code:
OTL logfile created on: 10.06.2012 09:50:48 - Run 2
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,23% Memory free
15,94 Gb Paging File | 13,68 Gb Available in Paging File | 85,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 240,53 Gb Free Space | 25,82% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 93,20 Gb Free Space | 10,01% Space Free | Partition Type: NTFS
Drive Z: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: COMPUTER677 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 14:51:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.07 21:49:40 | 002,240,512 | ---- | M] (Gerhard Junker) -- C:\Program Files (x86)\ncid.Net\ncid.Net.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.29 13:45:40 | 001,626,952 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.03.23 18:49:19 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\***\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.03.20 00:58:52 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2008.10.17 16:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.20 02:02:30 | 001,604,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.resources\dc1c80a5364aa7b7ea356603d508b309\ncid.Net.resources.ni.dll
MOD - [2012.05.20 02:02:29 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net.PhoneNumber\39224a61e5ce3f5a01892361d7bea07f\ncid.Net.PhoneNumber.ni.dll
MOD - [2012.05.20 02:02:28 | 002,476,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ncid.Net\423441128e84a7f3673ac1b5f66e518d\ncid.Net.ni.exe
MOD - [2012.05.10 00:05:16 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012.05.10 00:05:16 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.10 00:05:15 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012.05.10 00:04:57 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\75b4d98f7c7a434aff4e18cb724deae4\System.Deployment.ni.dll
MOD - [2012.05.09 15:17:22 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.09 15:17:22 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012.05.09 15:17:19 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.09 15:17:18 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.09 15:17:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.09 15:17:15 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.09 15:17:15 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.09 15:17:11 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.13 17:32:24 | 000,501,760 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
MOD - [2012.02.13 17:32:24 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\ncid.Net\ikpflac.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.19 16:42:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.06 02:47:33 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.29 13:43:16 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.03.29 13:43:16 | 000,267,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.03.29 13:43:14 | 000,537,416 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.02.28 00:06:48 | 003,280,208 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2012.02.14 21:25:37 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.02.14 21:25:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.22 15:59:00 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011.09.02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.09.02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.08.24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.03 19:57:33 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.01 15:02:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.23 22:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.08.24 19:28:24 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.25 12:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.09.02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/10/20 10:54:49] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.08.24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.01.06 12:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.05.10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 AF DA FE E7 F4 CB 01  [binary data]
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes,DefaultScope = {5E0392FD-BFF4-4931-AFF0-2B13B19635EC}
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{5E0392FD-BFF4-4931-AFF0-2B13B19635EC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 19:47:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.20 01:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 16:20:44 | 000,000,000 | ---D | M]
 
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.08 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.05.20 01:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions
[2011.04.07 11:20:20 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011.05.26 11:02:50 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\{ff0981f1-9827-44a3-88cd-e760430793c9}
[2011.08.09 12:16:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\DeviceDetection@logitech.com
[2011.08.05 22:26:12 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\y418s5aa.default\extensions\https-everywhere@eff.org
[2012.05.20 01:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.05 10:13:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [ncid.Net] "C:\Program Files (x86)\ncid.Net\ncid.Net.exe" wait File not found
O4 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000..\Run: [TVgenial] C:\Program Files (x86)\TVgenial\TVgenial.exe (ARAKON TVgenial Systems GbR)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\Twonky\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351D8CE3-E5D2-4ED1-8315-AA4EDD4663F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64B4B76D-4E68-4B4E-B387-020CD9EC3264}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.28 19:48:59 | 000,000,000 | R--D | M] - Z:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:43:36 | 000,000,160 | R--- | M] () - Z:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 11:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell - "" = AutoRun
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell\AutoRun\command - "" = Z:\AutoRun.exe -- [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk - C:\PROGRA~2\Google\GOOGLE~2\GOOGLE~1.EXE - (Google)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig:64bit - StartUpReg: Live Update 5 - hkey= - key= - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
MsConfig:64bit - StartUpReg: Super-Charger - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VSPX - C:\Windows\SysWow64\vspxvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.09 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\NFS Most Wanted
[2012.06.08 17:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.07 16:48:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GOG.com
[2012.06.06 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 14:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 14:33:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 14:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 14:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.06 11:32:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2012.06.05 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
[2012.06.05 18:34:36 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp
[2012.06.05 18:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes
[2012.06.05 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.06.05 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.06.05 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2012.06.01 15:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.05.26 20:08:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FLT
[2012.05.24 17:03:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ZinioTabletReader
[2012.05.22 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.20 01:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.19 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 09:54:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000UA.job
[2012.06.10 09:52:17 | 000,000,250 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.06.10 09:49:47 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 09:49:47 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 09:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.10 09:46:26 | 001,805,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.10 09:46:26 | 000,774,964 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.10 09:46:26 | 000,716,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.10 09:46:26 | 000,175,598 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.10 09:46:26 | 000,143,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.10 09:42:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.10 09:41:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 09:41:56 | 2122,235,903 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 09:41:55 | 000,125,481 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.10 00:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 17:54:27 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2332116217-2143763194-2837301324-1000Core.job
[2012.06.09 15:18:13 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2012.06.07 17:14:48 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Episode 4 - Blackwell Deception.lnk
[2012.06.07 17:14:42 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Episode 3 - Blackwell Convergence.lnk
[2012.06.06 21:49:39 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:06:36 | 000,002,739 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk
[2012.06.06 21:01:08 | 000,000,083 | ---- | M] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.06.06 11:44:50 | 000,007,604 | ---- | M] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2012.06.06 11:43:54 | 000,000,847 | ---- | M] () -- C:\Users\***\locked-.recently-used.xbel.anxj
[2012.06.06 11:43:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\locked-00002C3C.LCS.tkfo
[2012.06.06 11:42:24 | 000,000,083 | ---- | M] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.06 11:42:24 | 000,000,011 | ---- | M] () -- C:\ProgramData\locked-.tv6.rntp
[2012.06.05 18:26:31 | 1805,090,816 | ---- | M] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:26:31 | 000,004,316 | ---- | M] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:21:54 | 2578,579,455 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | M] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.04 17:33:35 | 000,000,040 | ---- | M] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:10:31 | 000,000,856 | ---- | M] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | M] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.09 11:07:18 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2012.06.07 17:14:48 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Episode 4 - Blackwell Deception.lnk
[2012.06.07 17:14:42 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Episode 3 - Blackwell Convergence.lnk
[2012.06.06 21:49:39 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.06 21:01:08 | 000,000,083 | ---- | C] () -- C:\ProgramData\.zreglib
[2012.06.06 21:01:08 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2012.06.06 19:20:52 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.06 19:20:49 | 000,000,847 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.06.05 18:26:31 | 000,004,316 | ---- | C] () -- C:\Users\***\Documents\DVD.MDS
[2012.06.05 18:23:16 | 1805,090,816 | ---- | C] () -- C:\Users\***\Documents\DVD.ISO
[2012.06.05 18:21:54 | 000,008,430 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.MDS
[2012.06.05 18:08:36 | 2578,579,455 | ---- | C] () -- C:\Users\***\Documents\SAFE_FACHPUBLIKUM.ISO
[2012.06.05 17:54:50 | 000,000,083 | ---- | C] () -- C:\ProgramData\locked-.zreglib.cyyp
[2012.06.04 17:33:35 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2012.06.01 15:31:40 | 000,000,856 | ---- | C] () -- C:\Users\***\Desktop\Max Payne 3.lnk
[2012.05.26 20:08:39 | 000,001,155 | ---- | C] () -- C:\Users\***\Desktop\DiRT Showdown.lnk
[2012.05.25 18:12:16 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Sid Meier's Civilization V.url
[2012.05.22 20:55:33 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\Hitman Blood Money.url
[2012.05.19 16:11:11 | 000,001,061 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 18:03:35 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 15:58:26 | 000,000,974 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.12.22 15:58:26 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.12.11 05:03:58 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.12.11 05:03:58 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.28 11:40:48 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.01 00:01:25 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.28 23:35:45 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY.INI
[2011.07.27 12:50:24 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\locked-Resmon.ResmonCfg.xgpf
[2011.07.25 13:51:40 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.06.29 15:24:56 | 000,000,371 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.06.15 21:31:58 | 000,000,011 | ---- | C] () -- C:\ProgramData\locked-.tv6.rntp
[2011.05.14 02:52:16 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011.05.09 02:53:32 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.29 10:43:46 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2011.04.24 00:27:28 | 000,000,062 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.04.17 08:21:56 | 000,000,021 | ---- | C] () -- C:\Windows\Quicken.ini
[2011.04.09 22:03:14 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.07 23:30:24 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.04.07 23:30:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.04.07 23:30:24 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.04.07 23:30:22 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2011.04.07 23:29:39 | 000,000,250 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.04.07 23:27:07 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.07 23:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011.04.07 13:50:15 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.07 13:50:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.04.06 22:14:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.06 21:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.06 21:43:32 | 001,830,866 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
 
========== LOP Check ==========
 
[2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono
[2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine
[2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome
[2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard
[2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2012.06.10 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools
[2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD
[2012.06.07 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com
[2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy
[2012.06.08 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.06.10 09:49:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive
[2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee
[2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio
[2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012
[2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube
[2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3
[2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising
[2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2
[2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4
[2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo
[2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.10 09:48:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial
[2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia
[2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer
[2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak
[2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic
[2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2
[2009.07.14 07:08:49 | 000,028,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.07 00:48:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.mono
[2011.10.23 23:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011.05.26 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AccurateRip
[2011.06.23 14:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Activision
[2012.03.15 00:49:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.02.08 21:34:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.11.16 12:11:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.04.06 21:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.01.18 12:06:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BigHugeEngine
[2012.04.04 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations
[2011.10.23 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BlackBean
[2011.07.08 12:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Brawsome
[2011.04.08 00:09:02 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2011.08.04 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.07.31 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ContentGuard
[2011.10.20 10:58:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.06.06 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.04.17 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2011.04.18 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.06.10 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.05 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.05.26 14:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2011.07.26 23:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESM-Tools
[2012.06.02 15:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.07.28 11:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoContactSyncMOD
[2012.06.07 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GOG.com
[2012.04.03 01:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.04.06 21:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.04.12 22:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDMComp
[2011.04.17 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.08.15 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ivacy
[2012.06.08 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.06.10 09:49:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.04.06 22:22:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.11 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LegacyInteractive
[2011.04.17 08:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2011.04.06 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2011.04.07 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LucasArts
[2011.04.07 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.06 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.04 11:00:15 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.27 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2012.02.29 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2011.04.07 11:20:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.03.05 20:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.05.13 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MusicBee
[2012.04.18 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MysteryStudio
[2012.03.27 15:19:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.10.21 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2011.07.28 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2012.05.07 00:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pole Position 2012
[2011.04.22 01:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PQube
[2011.12.07 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2011.12.03 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3
[2012.04.15 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Red Alert 3 Uprising
[2012.06.06 19:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rprmdwdo
[2011.04.07 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2011.04.26 00:48:28 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2012.06.10 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.04.06 22:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.11.08 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2
[2011.12.22 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\teamspeak2
[2012.03.30 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4
[2011.08.10 09:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 4 Demo
[2011.12.19 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.10 09:48:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVgenial
[2012.04.28 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyMedia
[2012.04.28 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TwonkyServer
[2012.03.16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2012.06.05 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.06.05 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.04.07 21:42:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.05.22 17:18:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011.12.08 13:10:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.bak
[2012.04.01 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic
[2012.03.15 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1.sic2
 
< %APPDATA%\*.exe /s >
[2012.05.04 20:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.04.12 08:46:46 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.04 20:42:16 | 000,177,240 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.04.07 12:31:56 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.08 13:09:45 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.07.17 13:10:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.07.28 11:57:32 | 000,353,118 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_01B942A374BD1A39BADF98.exe
[2011.07.28 11:57:32 | 000,353,118 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_853F67D554F05449430E7E.exe
[2011.07.28 11:57:32 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9D746EA3-4D2C-4A2F-BB99-BF235EB46370}\_D55E299B89DAEF192CB6EB.exe
[2011.11.18 18:59:47 | 000,088,102 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
[2011.04.17 08:21:56 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{DB451A33-A351-4936-83E2-08B424445766}\ARPPRODUCTICON.exe
[2011.04.11 16:57:24 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.03.27 18:27:32 | 000,188,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\y418s5aa.default\FlashGot.exe
[2011.10.18 21:47:26 | 003,123,272 | R--- | M] () -- C:\Users\***\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Program Files (x86)\Realtek\Audio\Drivers\HDADrv\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
         
--- --- ---

10.06.2012, 16:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Tell me, are you also one of those people who watch series and movies via dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and give up such risky streaming sites!
It is precisely such streaming sites that are responsible for the current wave of extortion malware that locks Windows and tries to extort 50 or 100 EUR!!


Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.28 19:48:59 | 000,000,000 | R--D | M] - Z:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 06:43:36 | 000,000,160 | R--- | M] () - Z:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 11:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - Z:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell - "" = AutoRun
O33 - MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\Shell\AutoRun\command - "" = Z:\AutoRun.exe -- [2005.11.01 06:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DVDSetup.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:364682BC
:Files
C:\Users\***\AppData\Roaming\Rprmdwdo
C:\Windows\SysWow64\kdbsdk32.dll
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be on the safe side, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

After that Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let us know when it has worked
5.) Only then switch the virus scanner back on
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

10.06.2012, 17:53   #11
Hypocrite666

So, the file has been uploaded.

On the restart after the fix, kdbsync.exe was reported missing, which had been moved by OTL. It seems to be related to the graphics drivers; was it really infected?

I don't use any streaming portals, at least not for a few years now, and never on my current system.

Thank you very much in advance for your effort; it's good to know that there are people out there who help you when you're in the shit

10.06.2012, 18:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Sorry, I misclicked on my canned text block; the fix was supposed to run normally via OTL and not via OTLPE

Quote:
On the restart after the fix, kdbsync.exe was reported missing, which had been moved by OTL.
It doesn't appear in my fix script
Besides, I see neither the complete error message nor the complete log of the fix here

10.06.2012, 20:38   #13
Hypocrite666

I did use OTL, lucky me...
I thought the log file was included in the uploaded ZIP.


Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6E0063B-7B09-45C9-A51D-1FB51840EBE0}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2332116217-2143763194-2837301324-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
File move failed. Z:\autorun.inf scheduled to be moved on reboot.
File move failed. Z:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2388cac6-ffb7-11e0-852f-6c626d39f87a}\ not found.
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63d9be46-6082-11e0-8228-806e6f6e6963}\ not found.
File E:\DVDSetup.exe not found.
ADS C:\ProgramData\TEMP:364682BC deleted successfully.
========== FILES ==========
C:\Users\Stefan\AppData\Roaming\Rprmdwdo folder moved successfully.
C:\Windows\SysWow64\kdbsdk32.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.1 log created on 06102012_173853

Files\Folders moved on Reboot...
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
File move failed. Z:\autorun.inf scheduled to be moved on reboot.
File move failed. Z:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Z: is my CD drive, by the way, so it's not surprising that it can't move anything there.
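The fix log in the post above mixes several outcomes: deleted, not found, moved, and moves that failed and were deferred to reboot. As an added example (not part of the thread and not OTL's own code), this Python triage buckets the lines of such a log so that deferred moves and entries without a target stand out. The sample log is constructed in the format shown above, and the bucket and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the fix log above; keys, GUIDs and
# paths are placeholders, only the line shapes are taken from the thread.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Example\{00000000-0000-0000-0000-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Example\RunOnce\\sample deleted successfully.
File  not found.
File move failed. Z:\AutoRun.exe scheduled to be moved on reboot.
File move failed. Z:\autorun.inf scheduled to be moved on reboot.
File E:\Setup.exe not found.
ADS C:\ProgramData\TEMP:00000000 deleted successfully.
========== FILES ==========
C:\Users\example\AppData\Roaming\Sample folder moved successfully.
C:\Windows\SysWow64\sample.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
PENDING = re.compile(
    r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$"
)
REMOVED = re.compile(
    r"^(?P<kind>(?:64bit-)?Registry (?:key|value)|ADS|File) "
    r"(?P<target>.*?) ?(?P<result>deleted successfully|not found)\.$"
)
MOVED = re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")
GENERIC_OK = re.compile(r"successfully[.!]?$")


def triage(log_text):
    """Sort every line of a fix log into an outcome bucket."""
    buckets = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None:
            continue  # text before the first section header is not a result

        pending = PENDING.match(line)
        removed = REMOVED.match(line)
        moved = MOVED.match(line)
        if pending:
            buckets["pending_reboot"].append(pending.group("target"))
        elif removed and not removed.group("target"):
            # e.g. "File  not found.": a result line that names no object
            buckets["empty_target"].append(section)
        elif removed and removed.group("result") == "not found":
            buckets["absent"].append(removed.group("target"))
        elif removed:
            buckets["done"].append(removed.group("target"))
        elif moved:
            buckets["done"].append(moved.group("target"))
        elif GENERIC_OK.search(line):
            buckets["done"].append(line)
        else:
            buckets["unparsed"].append(line)
    return buckets


def pending_by_drive(buckets):
    """Group deferred moves by drive letter to spot read-only media."""
    drives = defaultdict(list)
    for target in buckets.get("pending_reboot", []):
        drives[target[:2].upper()].append(target)
    return dict(drives)


def follow_up(buckets):
    """Items that still need an explanation before the fix counts as complete."""
    notes = []
    for drive, targets in sorted(pending_by_drive(buckets).items()):
        notes.append(f"{len(targets)} move(s) deferred to reboot on {drive}")
    for section in buckets.get("empty_target", []):
        notes.append(f"entry without a target in section {section}")
    for line in buckets.get("unparsed", []):
        notes.append(f"unrecognised line: {line}")
    return notes


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in ("done", "absent", "pending_reboot", "empty_target"):
        print(f"{name}: {len(result.get(name, []))}")
    for note in follow_up(result):
        print("check:", note)
```

In the thread's log every deferred move is on Z:, which the poster identifies as the CD drive, so those entries will fail again on reboot.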

10.06.2012, 21:38   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It may well be that the log is included, but I prefer it when the log can be seen directly in the post!

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

10.06.2012, 21:46   #15
Hypocrite666

Code:
21:43:26.0142 2264	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:43:26.0205 2264	============================================================
21:43:26.0205 2264	Current date / time: 2012/06/10 21:43:26.0205
21:43:26.0205 2264	SystemInfo:
21:43:26.0205 2264	
21:43:26.0205 2264	OS Version: 6.1.7601 ServicePack: 1.0
21:43:26.0205 2264	Product type: Workstation
21:43:26.0205 2264	ComputerName: COMPUTER677
21:43:26.0205 2264	UserName: ***
21:43:26.0205 2264	Windows directory: C:\Windows
21:43:26.0205 2264	System windows directory: C:\Windows
21:43:26.0205 2264	Running under WOW64
21:43:26.0205 2264	Processor architecture: Intel x64
21:43:26.0205 2264	Number of processors: 4
21:43:26.0205 2264	Page size: 0x1000
21:43:26.0205 2264	Boot type: Normal boot
21:43:26.0205 2264	============================================================
21:43:27.0422 2264	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:43:27.0422 2264	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:43:27.0422 2264	============================================================
21:43:27.0422 2264	\Device\Harddisk0\DR0:
21:43:27.0422 2264	MBR partitions:
21:43:27.0422 2264	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:43:27.0422 2264	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:43:27.0422 2264	\Device\Harddisk1\DR1:
21:43:27.0422 2264	MBR partitions:
21:43:27.0422 2264	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
21:43:27.0422 2264	============================================================
21:43:27.0422 2264	C: <-> \Device\Harddisk0\DR0\Partition1
21:43:27.0422 2264	D: <-> \Device\Harddisk1\DR1\Partition0
21:43:27.0422 2264	============================================================
21:43:27.0422 2264	Initialize success
21:43:27.0422 2264	============================================================
21:44:25.0795 3204	============================================================
21:44:25.0795 3204	Scan started
21:44:25.0795 3204	Mode: Manual; SigCheck; TDLFS; 
21:44:25.0795 3204	============================================================
21:44:26.0172 3204	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:44:26.0221 3204	1394ohci - ok
21:44:26.0275 3204	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:44:26.0305 3204	acedrv11 - ok
21:44:26.0327 3204	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:44:26.0344 3204	ACPI - ok
21:44:26.0369 3204	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:44:26.0378 3204	AcpiPmi - ok
21:44:26.0440 3204	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:44:26.0451 3204	AdobeARMservice - ok
21:44:26.0566 3204	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:44:26.0579 3204	AdobeFlashPlayerUpdateSvc - ok
21:44:26.0649 3204	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:44:26.0668 3204	adp94xx - ok
21:44:26.0687 3204	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:44:26.0698 3204	adpahci - ok
21:44:26.0708 3204	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:44:26.0716 3204	adpu320 - ok
21:44:26.0734 3204	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:44:26.0757 3204	AeLookupSvc - ok
21:44:26.0805 3204	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:44:26.0826 3204	AFD - ok
21:44:26.0832 3204	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:44:26.0838 3204	agp440 - ok
21:44:26.0846 3204	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:44:26.0859 3204	ALG - ok
21:44:26.0862 3204	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:44:26.0868 3204	aliide - ok
21:44:26.0905 3204	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
21:44:26.0916 3204	AMD External Events Utility - ok
21:44:26.0919 3204	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:44:26.0925 3204	amdide - ok
21:44:26.0930 3204	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:44:26.0937 3204	AmdK8 - ok
21:44:27.0242 3204	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
21:44:27.0430 3204	amdkmdag - ok
21:44:27.0676 3204	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
21:44:27.0697 3204	amdkmdap - ok
21:44:27.0704 3204	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:44:27.0711 3204	AmdPPM - ok
21:44:27.0734 3204	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:44:27.0747 3204	amdsata - ok
21:44:27.0776 3204	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:44:27.0793 3204	amdsbs - ok
21:44:27.0819 3204	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:44:27.0831 3204	amdxata - ok
21:44:27.0892 3204	AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
21:44:27.0914 3204	AppHostSvc - ok
21:44:27.0959 3204	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:44:28.0001 3204	AppID - ok
21:44:28.0031 3204	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:44:28.0069 3204	AppIDSvc - ok
21:44:28.0073 3204	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:44:28.0093 3204	Appinfo - ok
21:44:28.0138 3204	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:44:28.0148 3204	Apple Mobile Device - ok
21:44:28.0186 3204	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:44:28.0212 3204	AppMgmt - ok
21:44:28.0219 3204	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:44:28.0226 3204	arc - ok
21:44:28.0232 3204	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:44:28.0240 3204	arcsas - ok
21:44:28.0341 3204	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:44:28.0352 3204	aspnet_state - ok
21:44:28.0364 3204	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:44:28.0398 3204	AsyncMac - ok
21:44:28.0427 3204	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:44:28.0432 3204	atapi - ok
21:44:28.0479 3204	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
21:44:28.0487 3204	AtiHDAudioService - ok
21:44:28.0548 3204	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:44:28.0600 3204	AudioEndpointBuilder - ok
21:44:28.0605 3204	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:44:28.0629 3204	AudioSrv - ok
21:44:28.0645 3204	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:44:28.0693 3204	AxInstSV - ok
21:44:28.0731 3204	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:44:28.0752 3204	b06bdrv - ok
21:44:28.0825 3204	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:44:28.0843 3204	b57nd60a - ok
21:44:28.0889 3204	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:44:28.0910 3204	BDESVC - ok
21:44:28.0921 3204	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:44:28.0963 3204	Beep - ok
21:44:29.0015 3204	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:44:29.0057 3204	BFE - ok
21:44:29.0090 3204	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:44:29.0117 3204	BITS - ok
21:44:29.0141 3204	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:44:29.0154 3204	blbdrive - ok
21:44:29.0321 3204	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:44:29.0338 3204	Bonjour Service - ok
21:44:29.0362 3204	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:44:29.0370 3204	bowser - ok
21:44:29.0377 3204	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:44:29.0386 3204	BrFiltLo - ok
21:44:29.0388 3204	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:44:29.0398 3204	BrFiltUp - ok
21:44:29.0419 3204	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:44:29.0443 3204	Browser - ok
21:44:29.0460 3204	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:44:29.0481 3204	Brserid - ok
21:44:29.0485 3204	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:44:29.0493 3204	BrSerWdm - ok
21:44:29.0495 3204	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:44:29.0503 3204	BrUsbMdm - ok
21:44:29.0505 3204	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:44:29.0511 3204	BrUsbSer - ok
21:44:29.0516 3204	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:44:29.0524 3204	BTHMODEM - ok
21:44:29.0580 3204	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:44:29.0611 3204	bthserv - ok
21:44:29.0638 3204	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:44:29.0659 3204	cdfs - ok
21:44:29.0709 3204	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:44:29.0722 3204	cdrom - ok
21:44:29.0730 3204	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:44:29.0756 3204	CertPropSvc - ok
21:44:29.0760 3204	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:44:29.0769 3204	circlass - ok
21:44:29.0784 3204	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:44:29.0794 3204	CLFS - ok
21:44:29.0824 3204	CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:44:29.0829 3204	CLHNServiceForPowerDVD - ok
21:44:29.0915 3204	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:44:29.0925 3204	clr_optimization_v2.0.50727_32 - ok
21:44:29.0967 3204	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:44:29.0979 3204	clr_optimization_v2.0.50727_64 - ok
21:44:30.0048 3204	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:44:30.0061 3204	clr_optimization_v4.0.30319_32 - ok
21:44:30.0097 3204	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:44:30.0109 3204	clr_optimization_v4.0.30319_64 - ok
21:44:30.0130 3204	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:44:30.0143 3204	CmBatt - ok
21:44:30.0166 3204	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:44:30.0178 3204	cmdide - ok
21:44:30.0229 3204	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:44:30.0255 3204	CNG - ok
21:44:30.0258 3204	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:44:30.0264 3204	Compbatt - ok
21:44:30.0277 3204	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:44:30.0285 3204	CompositeBus - ok
21:44:30.0287 3204	COMSysApp - ok
21:44:30.0317 3204	cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
21:44:30.0326 3204	cpuz135 - ok
21:44:30.0330 3204	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:44:30.0342 3204	crcdisk - ok
21:44:30.0373 3204	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:44:30.0409 3204	CryptSvc - ok
21:44:30.0428 3204	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:44:30.0439 3204	CSC - ok
21:44:30.0481 3204	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:44:30.0494 3204	CscService - ok
21:44:30.0552 3204	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
21:44:30.0561 3204	CVirtA - ok
21:44:30.0603 3204	CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:44:30.0612 3204	CyberLink PowerDVD 11.0 Monitor Service - ok
21:44:30.0632 3204	CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
21:44:30.0644 3204	CyberLink PowerDVD 11.0 Service - ok
21:44:30.0742 3204	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
21:44:30.0751 3204	DAUpdaterSvc - ok
21:44:30.0791 3204	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:44:30.0831 3204	DcomLaunch - ok
21:44:30.0850 3204	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:44:30.0873 3204	defragsvc - ok
21:44:30.0914 3204	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:44:30.0948 3204	DfsC - ok
21:44:30.0976 3204	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:44:30.0999 3204	Dhcp - ok
21:44:31.0020 3204	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:44:31.0040 3204	discache - ok
21:44:31.0051 3204	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:44:31.0058 3204	Disk - ok
21:44:31.0098 3204	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
21:44:31.0111 3204	DNE - ok
21:44:31.0162 3204	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:44:31.0185 3204	Dnscache - ok
21:44:31.0203 3204	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:44:31.0236 3204	dot3svc - ok
21:44:31.0246 3204	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:44:31.0267 3204	DPS - ok
21:44:31.0306 3204	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:44:31.0321 3204	drmkaud - ok
21:44:31.0386 3204	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:44:31.0399 3204	dtsoftbus01 - ok
21:44:31.0445 3204	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:44:31.0467 3204	DXGKrnl - ok
21:44:31.0476 3204	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:44:31.0507 3204	EapHost - ok
21:44:31.0617 3204	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:44:31.0703 3204	ebdrv - ok
21:44:31.0782 3204	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:44:31.0799 3204	EFS - ok
21:44:31.0855 3204	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:44:31.0895 3204	ehRecvr - ok
21:44:31.0909 3204	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:44:31.0925 3204	ehSched - ok
21:44:31.0977 3204	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:44:31.0997 3204	elxstor - ok
21:44:32.0021 3204	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:44:32.0030 3204	ErrDev - ok
21:44:32.0084 3204	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:44:32.0122 3204	EventSystem - ok
21:44:32.0145 3204	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:44:32.0167 3204	exfat - ok
21:44:32.0205 3204	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:44:32.0241 3204	fastfat - ok
21:44:32.0284 3204	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:44:32.0315 3204	Fax - ok
21:44:32.0318 3204	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:44:32.0325 3204	fdc - ok
21:44:32.0342 3204	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:44:32.0364 3204	fdPHost - ok
21:44:32.0367 3204	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:44:32.0390 3204	FDResPub - ok
21:44:32.0406 3204	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:44:32.0412 3204	FileInfo - ok
21:44:32.0415 3204	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:44:32.0435 3204	Filetrace - ok
21:44:32.0438 3204	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:44:32.0444 3204	flpydisk - ok
21:44:32.0457 3204	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:44:32.0465 3204	FltMgr - ok
21:44:32.0550 3204	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:44:32.0601 3204	FontCache - ok
21:44:32.0730 3204	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:44:32.0740 3204	FontCache3.0.0.0 - ok
21:44:32.0770 3204	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:44:32.0782 3204	FsDepends - ok
21:44:32.0818 3204	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:44:32.0830 3204	Fs_Rec - ok
21:44:32.0844 3204	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:44:32.0865 3204	fvevol - ok
21:44:32.0871 3204	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:44:32.0884 3204	gagp30kx - ok
21:44:32.0917 3204	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:44:32.0926 3204	GEARAspiWDM - ok
21:44:32.0956 3204	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:44:32.0995 3204	gpsvc - ok
21:44:33.0041 3204	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:44:33.0051 3204	gupdate - ok
21:44:33.0064 3204	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:44:33.0074 3204	gupdatem - ok
21:44:33.0115 3204	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:44:33.0129 3204	gusvc - ok
21:44:33.0147 3204	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:44:33.0176 3204	hcw85cir - ok
21:44:33.0227 3204	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:44:33.0249 3204	HdAudAddService - ok
21:44:33.0265 3204	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:44:33.0274 3204	HDAudBus - ok
21:44:33.0277 3204	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:44:33.0284 3204	HidBatt - ok
21:44:33.0291 3204	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:44:33.0300 3204	HidBth - ok
21:44:33.0305 3204	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:44:33.0314 3204	HidIr - ok
21:44:33.0371 3204	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:44:33.0407 3204	hidserv - ok
21:44:33.0427 3204	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:44:33.0434 3204	HidUsb - ok
21:44:33.0449 3204	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:44:33.0480 3204	hkmsvc - ok
21:44:33.0497 3204	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:44:33.0518 3204	HomeGroupListener - ok
21:44:33.0542 3204	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:44:33.0552 3204	HomeGroupProvider - ok
21:44:33.0559 3204	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:44:33.0567 3204	HpSAMD - ok
21:44:33.0603 3204	HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:44:33.0636 3204	HTCAND64 - ok
21:44:33.0661 3204	htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
21:44:33.0671 3204	htcnprot - ok
21:44:33.0711 3204	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:44:33.0744 3204	HTTP - ok
21:44:33.0763 3204	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:44:33.0768 3204	hwpolicy - ok
21:44:33.0774 3204	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:44:33.0781 3204	i8042prt - ok
21:44:33.0813 3204	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:44:33.0824 3204	iaStorV - ok
21:44:33.0923 3204	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:44:33.0947 3204	idsvc - ok
21:44:33.0951 3204	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:44:33.0957 3204	iirsp - ok
21:44:33.0994 3204	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:44:34.0022 3204	IKEEXT - ok
21:44:34.0040 3204	IntcAzAudAddService - ok
21:44:34.0044 3204	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:44:34.0049 3204	intelide - ok
21:44:34.0074 3204	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:44:34.0080 3204	intelppm - ok
21:44:34.0093 3204	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:44:34.0114 3204	IPBusEnum - ok
21:44:34.0133 3204	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:44:34.0153 3204	IpFilterDriver - ok
21:44:34.0185 3204	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:44:34.0211 3204	iphlpsvc - ok
21:44:34.0218 3204	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:44:34.0225 3204	IPMIDRV - ok
21:44:34.0240 3204	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:44:34.0260 3204	IPNAT - ok
21:44:34.0345 3204	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:44:34.0367 3204	iPod Service - ok
21:44:34.0370 3204	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:44:34.0381 3204	IRENUM - ok
21:44:34.0384 3204	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:44:34.0391 3204	isapnp - ok
21:44:34.0410 3204	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:44:34.0419 3204	iScsiPrt - ok
21:44:34.0471 3204	JRAID           (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
21:44:34.0482 3204	JRAID - ok
21:44:34.0487 3204	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:44:34.0495 3204	kbdclass - ok
21:44:34.0514 3204	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:44:34.0523 3204	kbdhid - ok
21:44:34.0545 3204	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:34.0554 3204	KeyIso - ok
21:44:34.0562 3204	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:44:34.0571 3204	KSecDD - ok
21:44:34.0581 3204	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:44:34.0593 3204	KSecPkg - ok
21:44:34.0608 3204	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:44:34.0635 3204	ksthunk - ok
21:44:34.0681 3204	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:44:34.0719 3204	KtmRm - ok
21:44:34.0749 3204	L8042Kbd        (df6b07438c9709336b32481feb57dd21) C:\Windows\system32\DRIVERS\L8042Kbd.sys
21:44:34.0758 3204	L8042Kbd - ok
21:44:34.0782 3204	LADF_DHP2       (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
21:44:34.0792 3204	LADF_DHP2 - ok
21:44:34.0812 3204	LADF_SBVM       (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
21:44:34.0829 3204	LADF_SBVM - ok
21:44:34.0853 3204	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:44:34.0878 3204	LanmanServer - ok
21:44:34.0897 3204	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:44:34.0919 3204	LanmanWorkstation - ok
21:44:35.0019 3204	LBTServ         (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:44:35.0037 3204	LBTServ - ok
21:44:35.0061 3204	LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:44:35.0068 3204	LHidFilt - ok
21:44:35.0084 3204	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:44:35.0111 3204	lltdio - ok
21:44:35.0142 3204	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:44:35.0180 3204	lltdsvc - ok
21:44:35.0183 3204	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:44:35.0204 3204	lmhosts - ok
21:44:35.0209 3204	LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:44:35.0214 3204	LMouFilt - ok
21:44:35.0239 3204	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:44:35.0246 3204	LSI_FC - ok
21:44:35.0272 3204	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:44:35.0279 3204	LSI_SAS - ok
21:44:35.0283 3204	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:44:35.0290 3204	LSI_SAS2 - ok
21:44:35.0294 3204	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:44:35.0301 3204	LSI_SCSI - ok
21:44:35.0324 3204	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:44:35.0345 3204	luafv - ok
21:44:35.0353 3204	LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
21:44:35.0358 3204	LUsbFilt - ok
21:44:35.0423 3204	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:44:35.0435 3204	MBAMProtector - ok
21:44:35.0497 3204	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:44:35.0514 3204	MBAMService - ok
21:44:35.0517 3204	MBfilt - ok
21:44:35.0547 3204	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:44:35.0560 3204	Mcx2Svc - ok
21:44:35.0564 3204	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:44:35.0573 3204	megasas - ok
21:44:35.0589 3204	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:44:35.0603 3204	MegaSR - ok
21:44:35.0654 3204	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:44:35.0663 3204	MEIx64 - ok
21:44:35.0674 3204	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:44:35.0700 3204	MMCSS - ok
21:44:35.0719 3204	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:44:35.0739 3204	Modem - ok
21:44:35.0766 3204	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:44:35.0776 3204	monitor - ok
21:44:35.0810 3204	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:44:35.0822 3204	mouclass - ok
21:44:35.0835 3204	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:44:35.0847 3204	mouhid - ok
21:44:35.0874 3204	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:44:35.0887 3204	mountmgr - ok
21:44:35.0939 3204	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:44:35.0952 3204	MozillaMaintenance - ok
21:44:36.0011 3204	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:44:36.0028 3204	MpFilter - ok
21:44:36.0056 3204	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:44:36.0072 3204	mpio - ok
21:44:36.0113 3204	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:44:36.0156 3204	mpsdrv - ok
21:44:36.0208 3204	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:44:36.0257 3204	MpsSvc - ok
21:44:36.0277 3204	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:44:36.0287 3204	MRxDAV - ok
21:44:36.0312 3204	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:44:36.0320 3204	mrxsmb - ok
21:44:36.0342 3204	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:44:36.0351 3204	mrxsmb10 - ok
21:44:36.0356 3204	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:44:36.0363 3204	mrxsmb20 - ok
21:44:36.0366 3204	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
21:44:36.0372 3204	msahci - ok
21:44:36.0381 3204	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:44:36.0389 3204	msdsm - ok
21:44:36.0416 3204	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:44:36.0424 3204	MSDTC - ok
21:44:36.0429 3204	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:44:36.0449 3204	Msfs - ok
21:44:36.0470 3204	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:44:36.0490 3204	mshidkmdf - ok
21:44:36.0497 3204	MSICDSetup - ok
21:44:36.0501 3204	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:44:36.0507 3204	msisadrv - ok
21:44:36.0547 3204	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:44:36.0585 3204	MSiSCSI - ok
21:44:36.0587 3204	msiserver - ok
21:44:36.0665 3204	MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
21:44:36.0674 3204	MSI_MSIBIOS_010507 - ok
21:44:36.0716 3204	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:44:36.0750 3204	MSKSSRV - ok
21:44:36.0828 3204	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:44:36.0840 3204	MsMpSvc - ok
21:44:36.0844 3204	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:44:36.0882 3204	MSPCLOCK - ok
21:44:36.0885 3204	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:44:36.0904 3204	MSPQM - ok
21:44:36.0922 3204	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:44:36.0932 3204	MsRPC - ok
21:44:36.0945 3204	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:44:36.0951 3204	mssmbios - ok
21:44:36.0953 3204	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:44:36.0973 3204	MSTEE - ok
21:44:36.0975 3204	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:44:36.0981 3204	MTConfig - ok
21:44:36.0991 3204	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:44:36.0997 3204	Mup - ok
21:44:37.0007 3204	mv91cons        (e53d9ab63917338d7ffe12e85310a636) C:\Windows\system32\DRIVERS\mv91cons.sys
21:44:37.0012 3204	mv91cons - ok
21:44:37.0032 3204	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
21:44:37.0040 3204	mv91xx - ok
21:44:37.0072 3204	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:44:37.0097 3204	napagent - ok
21:44:37.0134 3204	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:44:37.0147 3204	NativeWifiP - ok
21:44:37.0201 3204	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:44:37.0225 3204	NDIS - ok
21:44:37.0230 3204	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:44:37.0253 3204	NdisCap - ok
21:44:37.0270 3204	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:44:37.0291 3204	NdisTapi - ok
21:44:37.0368 3204	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:44:37.0400 3204	Ndisuio - ok
21:44:37.0433 3204	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:44:37.0455 3204	NdisWan - ok
21:44:37.0475 3204	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:44:37.0497 3204	NDProxy - ok
21:44:37.0501 3204	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:44:37.0521 3204	NetBIOS - ok
21:44:37.0531 3204	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:44:37.0553 3204	NetBT - ok
21:44:37.0575 3204	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:37.0581 3204	Netlogon - ok
21:44:37.0610 3204	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:44:37.0634 3204	Netman - ok
21:44:37.0947 3204	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:44:37.0958 3204	NetMsmqActivator - ok
21:44:37.0962 3204	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:44:37.0972 3204	NetPipeActivator - ok
21:44:37.0995 3204	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:44:38.0031 3204	netprofm - ok
21:44:38.0033 3204	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:44:38.0038 3204	NetTcpActivator - ok
21:44:38.0040 3204	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:44:38.0045 3204	NetTcpPortSharing - ok
21:44:38.0062 3204	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:44:38.0068 3204	nfrd960 - ok
21:44:38.0111 3204	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:44:38.0123 3204	NisDrv - ok
21:44:38.0187 3204	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:44:38.0205 3204	NisSrv - ok
21:44:38.0223 3204	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:44:38.0265 3204	NlaSvc - ok
21:44:38.0290 3204	nm3             (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
21:44:38.0296 3204	nm3 - ok
21:44:38.0325 3204	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:44:38.0346 3204	Npfs - ok
21:44:38.0349 3204	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:44:38.0370 3204	nsi - ok
21:44:38.0373 3204	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:44:38.0393 3204	nsiproxy - ok
21:44:38.0476 3204	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:44:38.0524 3204	Ntfs - ok
21:44:38.0544 3204	NTIOLib_1_0_3 - ok
21:44:38.0603 3204	NTIOLib_1_0_4   (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
21:44:38.0613 3204	NTIOLib_1_0_4 - ok
21:44:38.0665 3204	NTIOLib_1_0_6   (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys
21:44:38.0672 3204	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:44:38.0672 3204	NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
21:44:38.0723 3204	ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:44:38.0733 3204	ntk_PowerDVD - ok
21:44:38.0807 3204	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:44:38.0841 3204	Null - ok
21:44:38.0866 3204	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:44:38.0873 3204	nusb3hub - ok
21:44:38.0897 3204	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:44:38.0905 3204	nusb3xhc - ok
21:44:38.0940 3204	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:44:38.0948 3204	nvraid - ok
21:44:38.0980 3204	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:44:38.0995 3204	nvstor - ok
21:44:39.0053 3204	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:44:39.0067 3204	nv_agp - ok
21:44:39.0082 3204	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:44:39.0096 3204	ohci1394 - ok
21:44:39.0270 3204	OODefragAgent   (edd196bf2ee1f18af1bedcf68d12025f) C:\Program Files\OO Software\Defrag\oodag.exe
21:44:39.0310 3204	OODefragAgent - ok
21:44:39.0414 3204	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:44:39.0425 3204	ose - ok
21:44:39.0555 3204	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:44:39.0607 3204	osppsvc - ok
21:44:39.0679 3204	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:44:39.0708 3204	p2pimsvc - ok
21:44:39.0732 3204	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:44:39.0752 3204	p2psvc - ok
21:44:39.0766 3204	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:44:39.0774 3204	Parport - ok
21:44:39.0809 3204	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:44:39.0816 3204	partmgr - ok
21:44:39.0871 3204	PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:44:39.0875 3204	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:44:39.0875 3204	PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:44:39.0888 3204	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:44:39.0910 3204	PcaSvc - ok
21:44:39.0942 3204	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:44:39.0957 3204	pci - ok
21:44:39.0961 3204	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:44:39.0972 3204	pciide - ok
21:44:39.0986 3204	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:44:39.0995 3204	pcmcia - ok
21:44:39.0998 3204	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:44:40.0004 3204	pcw - ok
21:44:40.0021 3204	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:44:40.0046 3204	PEAUTH - ok
21:44:40.0132 3204	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:44:40.0187 3204	PeerDistSvc - ok
21:44:40.0238 3204	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:44:40.0252 3204	PerfHost - ok
21:44:40.0350 3204	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:44:40.0433 3204	pla - ok
21:44:40.0462 3204	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:44:40.0484 3204	PlugPlay - ok
21:44:40.0496 3204	PnkBstrA - ok
21:44:40.0503 3204	PnkBstrB - ok
21:44:40.0507 3204	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:44:40.0514 3204	PNRPAutoReg - ok
21:44:40.0535 3204	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:44:40.0544 3204	PNRPsvc - ok
21:44:40.0568 3204	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:44:40.0596 3204	PolicyAgent - ok
21:44:40.0609 3204	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:44:40.0632 3204	Power - ok
21:44:40.0663 3204	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:44:40.0698 3204	PptpMiniport - ok
21:44:40.0722 3204	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:44:40.0728 3204	Processor - ok
21:44:40.0740 3204	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:44:40.0761 3204	ProfSvc - ok
21:44:40.0796 3204	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:40.0802 3204	ProtectedStorage - ok
21:44:40.0845 3204	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:44:40.0879 3204	Psched - ok
21:44:40.0969 3204	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:44:41.0027 3204	ql2300 - ok
21:44:41.0077 3204	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:44:41.0084 3204	ql40xx - ok
21:44:41.0109 3204	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:44:41.0121 3204	QWAVE - ok
21:44:41.0125 3204	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:44:41.0135 3204	QWAVEdrv - ok
21:44:41.0176 3204	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
21:44:41.0191 3204	RapiMgr - ok
21:44:41.0209 3204	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:44:41.0242 3204	RasAcd - ok
21:44:41.0265 3204	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:44:41.0287 3204	RasAgileVpn - ok
21:44:41.0295 3204	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:44:41.0319 3204	RasAuto - ok
21:44:41.0327 3204	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:44:41.0347 3204	Rasl2tp - ok
21:44:41.0368 3204	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:44:41.0391 3204	RasMan - ok
21:44:41.0397 3204	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:44:41.0418 3204	RasPppoe - ok
21:44:41.0428 3204	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:44:41.0449 3204	RasSstp - ok
21:44:41.0473 3204	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:44:41.0494 3204	rdbss - ok
21:44:41.0497 3204	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:44:41.0505 3204	rdpbus - ok
21:44:41.0517 3204	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:44:41.0536 3204	RDPCDD - ok
21:44:41.0567 3204	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:44:41.0596 3204	RDPDR - ok
21:44:41.0599 3204	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:44:41.0631 3204	RDPENCDD - ok
21:44:41.0634 3204	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:44:41.0654 3204	RDPREFMP - ok
21:44:41.0688 3204	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:44:41.0710 3204	RdpVideoMiniport - ok
21:44:41.0750 3204	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:44:41.0766 3204	RDPWD - ok
21:44:41.0790 3204	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:44:41.0801 3204	rdyboost - ok
21:44:41.0819 3204	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:44:41.0847 3204	RemoteAccess - ok
21:44:41.0857 3204	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:44:41.0886 3204	RemoteRegistry - ok
21:44:41.0892 3204	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:44:41.0913 3204	RpcEptMapper - ok
21:44:41.0921 3204	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:44:41.0928 3204	RpcLocator - ok
21:44:41.0950 3204	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:44:41.0973 3204	RpcSs - ok
21:44:41.0979 3204	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:44:41.0999 3204	rspndr - ok
21:44:42.0025 3204	RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:44:42.0035 3204	RTL8167 - ok
21:44:42.0061 3204	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:44:42.0091 3204	s3cap - ok
21:44:42.0120 3204	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:42.0133 3204	SamSs - ok
21:44:42.0158 3204	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:44:42.0169 3204	sbp2port - ok
21:44:42.0181 3204	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:44:42.0209 3204	SCardSvr - ok
21:44:42.0230 3204	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:44:42.0252 3204	scfilter - ok
21:44:42.0296 3204	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:44:42.0354 3204	Schedule - ok
21:44:42.0372 3204	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:44:42.0392 3204	SCPolicySvc - ok
21:44:42.0408 3204	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:44:42.0416 3204	SDRSVC - ok
21:44:42.0455 3204	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:44:42.0475 3204	secdrv - ok
21:44:42.0479 3204	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:44:42.0499 3204	seclogon - ok
21:44:42.0514 3204	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:44:42.0535 3204	SENS - ok
21:44:42.0538 3204	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:44:42.0556 3204	SensrSvc - ok
21:44:42.0566 3204	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:44:42.0573 3204	Serenum - ok
21:44:42.0603 3204	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:44:42.0610 3204	Serial - ok
21:44:42.0613 3204	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:44:42.0620 3204	sermouse - ok
21:44:42.0687 3204	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:44:42.0731 3204	SessionEnv - ok
21:44:42.0780 3204	SetupARService  (18a4eb256e35a6dd233c4d005835879a) C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
21:44:42.0784 3204	SetupARService ( UnsignedFile.Multi.Generic ) - warning
21:44:42.0784 3204	SetupARService - detected UnsignedFile.Multi.Generic (1)
21:44:42.0788 3204	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:44:42.0802 3204	sffdisk - ok
21:44:42.0806 3204	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:44:42.0816 3204	sffp_mmc - ok
21:44:42.0819 3204	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:44:42.0828 3204	sffp_sd - ok
21:44:42.0831 3204	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:44:42.0837 3204	sfloppy - ok
21:44:42.0854 3204	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:44:42.0879 3204	SharedAccess - ok
21:44:42.0902 3204	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:44:42.0949 3204	ShellHWDetection - ok
21:44:42.0953 3204	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:44:42.0959 3204	SiSRaid2 - ok
21:44:42.0963 3204	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:44:42.0970 3204	SiSRaid4 - ok
21:44:43.0027 3204	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:44:43.0038 3204	SkypeUpdate - ok
21:44:43.0058 3204	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:44:43.0094 3204	Smb - ok
21:44:43.0117 3204	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:44:43.0125 3204	SNMPTRAP - ok
21:44:43.0137 3204	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:44:43.0144 3204	spldr - ok
21:44:43.0172 3204	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:44:43.0202 3204	Spooler - ok
21:44:43.0337 3204	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:44:43.0415 3204	sppsvc - ok
21:44:43.0480 3204	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:44:43.0515 3204	sppuinotify - ok
21:44:43.0548 3204	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:44:43.0558 3204	srv - ok
21:44:43.0588 3204	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:44:43.0603 3204	srv2 - ok
21:44:43.0636 3204	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:44:43.0650 3204	srvnet - ok
21:44:43.0680 3204	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:44:43.0724 3204	SSDPSRV - ok
21:44:43.0736 3204	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:44:43.0757 3204	SstpSvc - ok
21:44:43.0781 3204	Steam Client Service - ok
21:44:43.0785 3204	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:44:43.0790 3204	stexstor - ok
21:44:43.0816 3204	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:44:43.0832 3204	stisvc - ok
21:44:43.0852 3204	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:44:43.0858 3204	storflt - ok
21:44:43.0862 3204	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:44:43.0868 3204	storvsc - ok
21:44:43.0876 3204	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:44:43.0881 3204	swenum - ok
21:44:43.0923 3204	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:44:43.0949 3204	swprv - ok
21:44:43.0958 3204	Synth3dVsc - ok
21:44:44.0068 3204	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:44:44.0124 3204	SysMain - ok
21:44:44.0149 3204	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:44:44.0163 3204	TabletInputService - ok
21:44:44.0180 3204	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:44:44.0210 3204	TapiSrv - ok
21:44:44.0216 3204	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:44:44.0240 3204	TBS - ok
21:44:44.0309 3204	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:44:44.0383 3204	Tcpip - ok
21:44:44.0497 3204	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:44:44.0523 3204	TCPIP6 - ok
21:44:44.0582 3204	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:44:44.0616 3204	tcpipreg - ok
21:44:44.0640 3204	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:44:44.0646 3204	TDPIPE - ok
21:44:44.0685 3204	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:44:44.0698 3204	TDTCP - ok
21:44:44.0727 3204	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:44:44.0763 3204	tdx - ok
21:44:44.0772 3204	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:44:44.0778 3204	TermDD - ok
21:44:44.0808 3204	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:44:44.0835 3204	TermService - ok
21:44:44.0839 3204	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:44:44.0848 3204	Themes - ok
21:44:44.0880 3204	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:44:44.0901 3204	THREADORDER - ok
21:44:44.0908 3204	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:44:44.0929 3204	TrkWks - ok
21:44:44.0960 3204	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:44:44.0980 3204	TrustedInstaller - ok
21:44:44.0986 3204	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:44:45.0005 3204	tssecsrv - ok
21:44:45.0030 3204	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:44:45.0057 3204	TsUsbFlt - ok
21:44:45.0060 3204	tsusbhub - ok
21:44:45.0089 3204	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:44:45.0127 3204	tunnel - ok
21:44:45.0203 3204	TwonkyProxy - ok
21:44:45.0239 3204	TwonkyServer - ok
21:44:45.0244 3204	TwonkyWebDav - ok
21:44:45.0288 3204	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:44:45.0301 3204	uagp35 - ok
21:44:45.0323 3204	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:44:45.0357 3204	udfs - ok
21:44:45.0442 3204	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:44:45.0459 3204	UI0Detect - ok
21:44:45.0485 3204	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:44:45.0498 3204	uliagpkx - ok
21:44:45.0529 3204	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:44:45.0543 3204	umbus - ok
21:44:45.0569 3204	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:44:45.0581 3204	UmPass - ok
21:44:45.0633 3204	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:44:45.0649 3204	UmRdpService - ok
21:44:45.0718 3204	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:44:45.0727 3204	UnlockerDriver5 - ok
21:44:45.0747 3204	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:44:45.0796 3204	upnphost - ok
21:44:45.0827 3204	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:44:45.0832 3204	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:44:45.0832 3204	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:44:45.0844 3204	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:44:45.0861 3204	usbaudio - ok
21:44:45.0899 3204	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:44:45.0921 3204	usbccgp - ok
21:44:45.0930 3204	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:44:45.0945 3204	usbcir - ok
21:44:45.0976 3204	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:44:45.0989 3204	usbehci - ok
21:44:46.0009 3204	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:44:46.0024 3204	usbhub - ok
21:44:46.0069 3204	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:44:46.0082 3204	usbohci - ok
21:44:46.0129 3204	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:44:46.0146 3204	usbprint - ok
21:44:46.0159 3204	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:44:46.0178 3204	USBSTOR - ok
21:44:46.0183 3204	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:44:46.0195 3204	usbuhci - ok
21:44:46.0227 3204	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:44:46.0244 3204	usb_rndisx - ok
21:44:46.0268 3204	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:44:46.0306 3204	UxSms - ok
21:44:46.0324 3204	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:46.0330 3204	VaultSvc - ok
21:44:46.0341 3204	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:44:46.0347 3204	vdrvroot - ok
21:44:46.0377 3204	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:44:46.0403 3204	vds - ok
21:44:46.0407 3204	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:44:46.0416 3204	vga - ok
21:44:46.0462 3204	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:44:46.0497 3204	VgaSave - ok
21:44:46.0499 3204	VGPU - ok
21:44:46.0512 3204	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:44:46.0520 3204	vhdmp - ok
21:44:46.0524 3204	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:44:46.0530 3204	viaide - ok
21:44:46.0541 3204	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:44:46.0549 3204	vmbus - ok
21:44:46.0553 3204	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:44:46.0560 3204	VMBusHID - ok
21:44:46.0566 3204	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:44:46.0572 3204	volmgr - ok
21:44:46.0606 3204	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:44:46.0626 3204	volmgrx - ok
21:44:46.0642 3204	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:44:46.0653 3204	volsnap - ok
21:44:46.0690 3204	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
21:44:46.0704 3204	vpcbus - ok
21:44:46.0740 3204	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:44:46.0752 3204	vpcnfltr - ok
21:44:46.0762 3204	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
21:44:46.0775 3204	vpcusb - ok
21:44:46.0779 3204	vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
21:44:46.0787 3204	vpcuxd - ok
21:44:46.0824 3204	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
21:44:46.0834 3204	vpcvmm - ok
21:44:46.0863 3204	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:44:46.0872 3204	vsmraid - ok
21:44:46.0948 3204	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:44:47.0017 3204	VSS - ok
21:44:47.0082 3204	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:44:47.0099 3204	vwifibus - ok
21:44:47.0136 3204	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:44:47.0178 3204	W32Time - ok
21:44:47.0220 3204	W3SVC           (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:44:47.0231 3204	W3SVC - ok
21:44:47.0234 3204	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:44:47.0241 3204	WacomPen - ok
21:44:47.0257 3204	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:47.0277 3204	WANARP - ok
21:44:47.0279 3204	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:47.0299 3204	Wanarpv6 - ok
21:44:47.0303 3204	WAS             (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:44:47.0311 3204	WAS - ok
21:44:47.0383 3204	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:44:47.0430 3204	WatAdminSvc - ok
21:44:47.0531 3204	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:44:47.0587 3204	wbengine - ok
21:44:47.0686 3204	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:44:47.0709 3204	WbioSrvc - ok
21:44:47.0746 3204	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
21:44:47.0765 3204	WcesComm - ok
21:44:47.0785 3204	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:44:47.0799 3204	wcncsvc - ok
21:44:47.0802 3204	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:44:47.0817 3204	WcsPlugInService - ok
21:44:47.0844 3204	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:44:47.0850 3204	Wd - ok
21:44:47.0885 3204	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:44:47.0900 3204	Wdf01000 - ok
21:44:47.0908 3204	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:44:47.0981 3204	WdiServiceHost - ok
21:44:47.0984 3204	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:44:48.0003 3204	WdiSystemHost - ok
21:44:48.0020 3204	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:44:48.0034 3204	WebClient - ok
21:44:48.0048 3204	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:44:48.0072 3204	Wecsvc - ok
21:44:48.0079 3204	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:44:48.0101 3204	wercplsupport - ok
21:44:48.0117 3204	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:44:48.0138 3204	WerSvc - ok
21:44:48.0151 3204	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:44:48.0171 3204	WfpLwf - ok
21:44:48.0194 3204	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:44:48.0200 3204	WIMMount - ok
21:44:48.0203 3204	WinDefend - ok
21:44:48.0206 3204	WinHttpAutoProxySvc - ok
21:44:48.0251 3204	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:44:48.0289 3204	Winmgmt - ok
21:44:48.0349 3204	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:44:48.0406 3204	WinRM - ok
21:44:48.0476 3204	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:44:48.0492 3204	WinUsb - ok
21:44:48.0534 3204	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:44:48.0557 3204	Wlansvc - ok
21:44:48.0648 3204	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:44:48.0681 3204	wlidsvc - ok
21:44:48.0733 3204	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
21:44:48.0742 3204	WmBEnum - ok
21:44:48.0787 3204	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
21:44:48.0795 3204	WmFilter - ok
21:44:48.0823 3204	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:44:48.0829 3204	WmiAcpi - ok
21:44:48.0855 3204	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:44:48.0863 3204	wmiApSrv - ok
21:44:48.0900 3204	WMPNetworkSvc - ok
21:44:48.0904 3204	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
21:44:48.0908 3204	WmVirHid - ok
21:44:48.0914 3204	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
21:44:48.0919 3204	WmXlCore - ok
21:44:48.0928 3204	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:44:48.0943 3204	WPCSvc - ok
21:44:48.0969 3204	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:44:48.0984 3204	WPDBusEnum - ok
21:44:49.0005 3204	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:44:49.0039 3204	ws2ifsl - ok
21:44:49.0045 3204	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:44:49.0055 3204	wscsvc - ok
21:44:49.0056 3204	WSearch - ok
21:44:49.0126 3204	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:44:49.0199 3204	wuauserv - ok
21:44:49.0244 3204	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:44:49.0279 3204	WudfPf - ok
21:44:49.0306 3204	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:44:49.0327 3204	WUDFRd - ok
21:44:49.0332 3204	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:44:49.0353 3204	wudfsvc - ok
21:44:49.0365 3204	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:44:49.0376 3204	WwanSvc - ok
21:44:49.0429 3204	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
21:44:49.0441 3204	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
21:44:49.0480 3204	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:44:49.0658 3204	\Device\Harddisk0\DR0 - ok
21:44:49.0661 3204	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:44:49.0714 3204	\Device\Harddisk1\DR1 - ok
21:44:49.0717 3204	Boot (0x1200)   (6112cfafcb084d9fa421e9a45a3432f0) \Device\Harddisk0\DR0\Partition0
21:44:49.0718 3204	\Device\Harddisk0\DR0\Partition0 - ok
21:44:49.0745 3204	Boot (0x1200)   (44ae5cabcda59a4331db0737efc80198) \Device\Harddisk0\DR0\Partition1
21:44:49.0748 3204	\Device\Harddisk0\DR0\Partition1 - ok
21:44:49.0751 3204	Boot (0x1200)   (e8ab15c8c510644298abc8bd7049d262) \Device\Harddisk1\DR1\Partition0
21:44:49.0752 3204	\Device\Harddisk1\DR1\Partition0 - ok
21:44:49.0753 3204	============================================================
21:44:49.0753 3204	Scan finished
21:44:49.0753 3204	============================================================
21:44:49.0764 6304	Detected object count: 4
21:44:49.0764 6304	Actual detected object count: 4
21:45:01.0969 6304	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0969 6304	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:01.0970 6304	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0970 6304	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:01.0971 6304	SetupARService ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0971 6304	SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:01.0972 6304	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:01.0972 6304	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:13.0908 6636	============================================================
21:45:13.0908 6636	Scan started
21:45:13.0908 6636	Mode: Manual; SigCheck; TDLFS; 
21:45:13.0908 6636	============================================================
21:45:14.0318 6636	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:45:14.0342 6636	1394ohci - ok
21:45:14.0371 6636	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:45:14.0381 6636	acedrv11 - ok
21:45:14.0398 6636	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:45:14.0407 6636	ACPI - ok
21:45:14.0425 6636	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:45:14.0434 6636	AcpiPmi - ok
21:45:14.0479 6636	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:45:14.0489 6636	AdobeARMservice - ok
21:45:14.0580 6636	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:45:14.0594 6636	AdobeFlashPlayerUpdateSvc - ok
21:45:14.0638 6636	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:45:14.0658 6636	adp94xx - ok
21:45:14.0676 6636	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:45:14.0691 6636	adpahci - ok
21:45:14.0702 6636	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:45:14.0713 6636	adpu320 - ok
21:45:14.0741 6636	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:45:14.0777 6636	AeLookupSvc - ok
21:45:14.0816 6636	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:45:14.0826 6636	AFD - ok
21:45:14.0831 6636	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:45:14.0837 6636	agp440 - ok
21:45:14.0852 6636	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:45:14.0860 6636	ALG - ok
21:45:14.0862 6636	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:45:14.0868 6636	aliide - ok
21:45:14.0895 6636	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
21:45:14.0906 6636	AMD External Events Utility - ok
21:45:14.0909 6636	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:45:14.0915 6636	amdide - ok
21:45:14.0920 6636	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:45:14.0926 6636	AmdK8 - ok
21:45:15.0184 6636	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
21:45:15.0266 6636	amdkmdag - ok
21:45:15.0268 6636	Scan interrupted by user!
21:45:15.0268 6636	Scan interrupted by user!
21:45:15.0268 6636	Scan interrupted by user!
21:45:15.0268 6636	============================================================
21:45:15.0268 6636	Scan finished
21:45:15.0268 6636	============================================================
21:45:15.0272 7056	Detected object count: 0
21:45:15.0272 7056	Actual detected object count: 0
21:45:17.0575 6716	============================================================
21:45:17.0575 6716	Scan started
21:45:17.0575 6716	Mode: Manual; SigCheck; TDLFS; 
21:45:17.0575 6716	============================================================
21:45:17.0865 6716	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:45:17.0881 6716	1394ohci - ok
21:45:17.0918 6716	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:45:17.0930 6716	acedrv11 - ok
21:45:17.0945 6716	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:45:17.0958 6716	ACPI - ok
21:45:17.0979 6716	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:45:17.0991 6716	AcpiPmi - ok
21:45:18.0026 6716	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:45:18.0032 6716	AdobeARMservice - ok
21:45:18.0119 6716	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:45:18.0132 6716	AdobeFlashPlayerUpdateSvc - ok
21:45:18.0177 6716	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:45:18.0195 6716	adp94xx - ok
21:45:18.0214 6716	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:45:18.0225 6716	adpahci - ok
21:45:18.0235 6716	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:45:18.0244 6716	adpu320 - ok
21:45:18.0279 6716	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:45:18.0317 6716	AeLookupSvc - ok
21:45:18.0350 6716	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:45:18.0369 6716	AFD - ok
21:45:18.0375 6716	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:45:18.0384 6716	agp440 - ok
21:45:18.0407 6716	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:45:18.0418 6716	ALG - ok
21:45:18.0421 6716	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:45:18.0429 6716	aliide - ok
21:45:18.0458 6716	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
21:45:18.0477 6716	AMD External Events Utility - ok
21:45:18.0480 6716	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:45:18.0492 6716	amdide - ok
21:45:18.0497 6716	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:45:18.0503 6716	AmdK8 - ok
21:45:18.0764 6716	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
21:45:18.0846 6716	amdkmdag - ok
21:45:18.0922 6716	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
21:45:18.0942 6716	amdkmdap - ok
21:45:18.0948 6716	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:45:18.0954 6716	AmdPPM - ok
21:45:18.0978 6716	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:45:18.0985 6716	amdsata - ok
21:45:18.0998 6716	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:45:19.0005 6716	amdsbs - ok
21:45:19.0064 6716	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:45:19.0076 6716	amdxata - ok
21:45:19.0112 6716	AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
21:45:19.0122 6716	AppHostSvc - ok
21:45:19.0154 6716	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:45:19.0188 6716	AppID - ok
21:45:19.0191 6716	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:45:19.0211 6716	AppIDSvc - ok
21:45:19.0216 6716	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:45:19.0235 6716	Appinfo - ok
21:45:19.0274 6716	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:45:19.0284 6716	Apple Mobile Device - ok
21:45:19.0312 6716	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:45:19.0326 6716	AppMgmt - ok
21:45:19.0334 6716	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:45:19.0346 6716	arc - ok
21:45:19.0354 6716	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:45:19.0364 6716	arcsas - ok
21:45:19.0477 6716	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:45:19.0486 6716	aspnet_state - ok
21:45:19.0500 6716	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:45:19.0533 6716	AsyncMac - ok
21:45:19.0555 6716	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:45:19.0560 6716	atapi - ok
21:45:19.0582 6716	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
21:45:19.0587 6716	AtiHDAudioService - ok
21:45:19.0638 6716	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:45:19.0674 6716	AudioEndpointBuilder - ok
21:45:19.0679 6716	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:45:19.0702 6716	AudioSrv - ok
21:45:19.0721 6716	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:45:19.0731 6716	AxInstSV - ok
21:45:19.0758 6716	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:45:19.0767 6716	b06bdrv - ok
21:45:19.0785 6716	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:45:19.0792 6716	b57nd60a - ok
21:45:19.0827 6716	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:45:19.0834 6716	BDESVC - ok
21:45:19.0842 6716	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:45:19.0863 6716	Beep - ok
21:45:19.0896 6716	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:45:19.0924 6716	BFE - ok
21:45:19.0962 6716	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:45:19.0996 6716	BITS - ok
21:45:20.0021 6716	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:45:20.0027 6716	blbdrive - ok
21:45:20.0082 6716	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:45:20.0099 6716	Bonjour Service - ok
21:45:20.0115 6716	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:45:20.0122 6716	bowser - ok
21:45:20.0149 6716	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:45:20.0158 6716	BrFiltLo - ok
21:45:20.0161 6716	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:45:20.0170 6716	BrFiltUp - ok
21:45:20.0199 6716	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:45:20.0235 6716	Browser - ok
21:45:20.0250 6716	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:45:20.0258 6716	Brserid - ok
21:45:20.0262 6716	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:45:20.0270 6716	BrSerWdm - ok
21:45:20.0272 6716	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:45:20.0280 6716	BrUsbMdm - ok
21:45:20.0282 6716	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:45:20.0288 6716	BrUsbSer - ok
21:45:20.0292 6716	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:45:20.0300 6716	BTHMODEM - ok
21:45:20.0306 6716	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:45:20.0326 6716	bthserv - ok
21:45:20.0333 6716	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:45:20.0354 6716	cdfs - ok
21:45:20.0378 6716	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:45:20.0385 6716	cdrom - ok
21:45:20.0390 6716	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:45:20.0410 6716	CertPropSvc - ok
21:45:20.0413 6716	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:45:20.0421 6716	circlass - ok
21:45:20.0438 6716	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:45:20.0447 6716	CLFS - ok
21:45:20.0469 6716	CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
21:45:20.0474 6716	CLHNServiceForPowerDVD - ok
21:45:20.0553 6716	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:45:20.0563 6716	clr_optimization_v2.0.50727_32 - ok
21:45:20.0613 6716	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:45:20.0624 6716	clr_optimization_v2.0.50727_64 - ok
21:45:20.0678 6716	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:45:20.0689 6716	clr_optimization_v4.0.30319_32 - ok
21:45:20.0743 6716	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:45:20.0754 6716	clr_optimization_v4.0.30319_64 - ok
21:45:20.0787 6716	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:45:20.0799 6716	CmBatt - ok
21:45:20.0828 6716	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:45:20.0840 6716	cmdide - ok
21:45:20.0883 6716	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:45:20.0911 6716	CNG - ok
21:45:20.0916 6716	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:45:20.0924 6716	Compbatt - ok
21:45:20.0931 6716	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:45:20.0939 6716	CompositeBus - ok
21:45:20.0941 6716	COMSysApp - ok
21:45:20.0954 6716	cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
21:45:20.0959 6716	cpuz135 - ok
21:45:20.0961 6716	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:45:20.0967 6716	crcdisk - ok
21:45:20.0993 6716	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:45:21.0013 6716	CryptSvc - ok
21:45:21.0053 6716	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:45:21.0072 6716	CSC - ok
21:45:21.0107 6716	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:45:21.0129 6716	CscService - ok
21:45:21.0156 6716	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
21:45:21.0160 6716	CVirtA - ok
21:45:21.0199 6716	CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
21:45:21.0208 6716	CyberLink PowerDVD 11.0 Monitor Service - ok
21:45:21.0218 6716	CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
21:45:21.0231 6716	CyberLink PowerDVD 11.0 Service - ok
21:45:21.0329 6716	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
21:45:21.0337 6716	DAUpdaterSvc - ok
21:45:21.0369 6716	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:45:21.0400 6716	DcomLaunch - ok
21:45:21.0423 6716	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:45:21.0446 6716	defragsvc - ok
21:45:21.0484 6716	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:45:21.0505 6716	DfsC - ok
21:45:21.0521 6716	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:45:21.0545 6716	Dhcp - ok
21:45:21.0560 6716	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:45:21.0580 6716	discache - ok
21:45:21.0586 6716	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:45:21.0592 6716	Disk - ok
21:45:21.0619 6716	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
21:45:21.0624 6716	DNE - ok
21:45:21.0649 6716	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:45:21.0657 6716	Dnscache - ok
21:45:21.0683 6716	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:45:21.0705 6716	dot3svc - ok
21:45:21.0716 6716	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:45:21.0737 6716	DPS - ok
21:45:21.0760 6716	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:45:21.0768 6716	drmkaud - ok
21:45:21.0814 6716	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:45:21.0821 6716	dtsoftbus01 - ok
21:45:21.0863 6716	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:45:21.0878 6716	DXGKrnl - ok
21:45:21.0886 6716	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:45:21.0907 6716	EapHost - ok
21:45:22.0011 6716	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:45:22.0047 6716	ebdrv - ok
21:45:22.0136 6716	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:45:22.0149 6716	EFS - ok
21:45:22.0208 6716	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:45:22.0231 6716	ehRecvr - ok
21:45:22.0247 6716	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:45:22.0256 6716	ehSched - ok
21:45:22.0288 6716	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:45:22.0301 6716	elxstor - ok
21:45:22.0317 6716	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:45:22.0324 6716	ErrDev - ok
21:45:22.0380 6716	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:45:22.0418 6716	EventSystem - ok
21:45:22.0429 6716	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:45:22.0458 6716	exfat - ok
21:45:22.0493 6716	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:45:22.0514 6716	fastfat - ok
21:45:22.0547 6716	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:45:22.0558 6716	Fax - ok
21:45:22.0562 6716	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:45:22.0568 6716	fdc - ok
21:45:22.0588 6716	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:45:22.0609 6716	fdPHost - ok
21:45:22.0612 6716	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:45:22.0633 6716	FDResPub - ok
21:45:22.0639 6716	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:45:22.0645 6716	FileInfo - ok
21:45:22.0648 6716	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:45:22.0667 6716	Filetrace - ok
21:45:22.0670 6716	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:45:22.0676 6716	flpydisk - ok
21:45:22.0689 6716	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:45:22.0697 6716	FltMgr - ok
21:45:22.0780 6716	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:45:22.0808 6716	FontCache - ok
21:45:22.0885 6716	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:45:22.0894 6716	FontCache3.0.0.0 - ok
21:45:22.0903 6716	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:45:22.0915 6716	FsDepends - ok
21:45:22.0956 6716	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:45:22.0968 6716	Fs_Rec - ok
21:45:22.0982 6716	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:45:22.0997 6716	fvevol - ok
21:45:23.0003 6716	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:45:23.0010 6716	gagp30kx - ok
21:45:23.0038 6716	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:45:23.0043 6716	GEARAspiWDM - ok
21:45:23.0067 6716	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:45:23.0095 6716	gpsvc - ok
21:45:23.0126 6716	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:23.0131 6716	gupdate - ok
21:45:23.0133 6716	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:23.0138 6716	gupdatem - ok
21:45:23.0161 6716	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:23.0167 6716	gusvc - ok
21:45:23.0185 6716	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:45:23.0191 6716	hcw85cir - ok
21:45:23.0230 6716	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:45:23.0249 6716	HdAudAddService - ok
21:45:23.0262 6716	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:45:23.0280 6716	HDAudBus - ok
21:45:23.0284 6716	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:45:23.0294 6716	HidBatt - ok
21:45:23.0301 6716	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:45:23.0309 6716	HidBth - ok
21:45:23.0313 6716	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:45:23.0321 6716	HidIr - ok
21:45:23.0335 6716	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:45:23.0355 6716	hidserv - ok
21:45:23.0365 6716	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:45:23.0372 6716	HidUsb - ok
21:45:23.0389 6716	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:45:23.0409 6716	hkmsvc - ok
21:45:23.0421 6716	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:45:23.0429 6716	HomeGroupListener - ok
21:45:23.0439 6716	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:45:23.0447 6716	HomeGroupProvider - ok
21:45:23.0454 6716	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:45:23.0460 6716	HpSAMD - ok
21:45:23.0491 6716	HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:45:23.0498 6716	HTCAND64 - ok
21:45:23.0516 6716	htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
21:45:23.0521 6716	htcnprot - ok
21:45:23.0556 6716	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:45:23.0584 6716	HTTP - ok
21:45:23.0601 6716	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:45:23.0607 6716	hwpolicy - ok
21:45:23.0613 6716	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:45:23.0620 6716	i8042prt - ok
21:45:23.0648 6716	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:45:23.0658 6716	iaStorV - ok
21:45:23.0795 6716	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:45:23.0816 6716	idsvc - ok
21:45:23.0821 6716	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:45:23.0830 6716	iirsp - ok
21:45:23.0871 6716	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:45:23.0907 6716	IKEEXT - ok
21:45:23.0910 6716	IntcAzAudAddService - ok
21:45:23.0913 6716	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:45:23.0919 6716	intelide - ok
21:45:23.0928 6716	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:45:23.0935 6716	intelppm - ok
21:45:23.0941 6716	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:45:23.0961 6716	IPBusEnum - ok
21:45:23.0979 6716	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:45:23.0998 6716	IpFilterDriver - ok
21:45:24.0023 6716	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:45:24.0049 6716	iphlpsvc - ok
21:45:24.0055 6716	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:45:24.0062 6716	IPMIDRV - ok
21:45:24.0071 6716	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:45:24.0094 6716	IPNAT - ok
21:45:24.0165 6716	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:45:24.0185 6716	iPod Service - ok
21:45:24.0189 6716	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:45:24.0198 6716	IRENUM - ok
21:45:24.0201 6716	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:45:24.0206 6716	isapnp - ok
21:45:24.0223 6716	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:45:24.0230 6716	iScsiPrt - ok
21:45:24.0259 6716	JRAID           (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
21:45:24.0264 6716	JRAID - ok
21:45:24.0269 6716	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:45:24.0274 6716	kbdclass - ok
21:45:24.0286 6716	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:45:24.0292 6716	kbdhid - ok
21:45:24.0316 6716	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:45:24.0323 6716	KeyIso - ok
21:45:24.0334 6716	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:45:24.0340 6716	KSecDD - ok
21:45:24.0350 6716	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:45:24.0357 6716	KSecPkg - ok
21:45:24.0362 6716	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:45:24.0382 6716	ksthunk - ok
21:45:24.0411 6716	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:45:24.0434 6716	KtmRm - ok
21:45:24.0454 6716	L8042Kbd        (df6b07438c9709336b32481feb57dd21) C:\Windows\system32\DRIVERS\L8042Kbd.sys
21:45:24.0459 6716	L8042Kbd - ok
21:45:24.0487 6716	LADF_DHP2       (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
21:45:24.0491 6716	LADF_DHP2 - ok
21:45:24.0502 6716	LADF_SBVM       (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
21:45:24.0509 6716	LADF_SBVM - ok
21:45:24.0541 6716	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:45:24.0564 6716	LanmanServer - ok
21:45:24.0576 6716	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:45:24.0598 6716	LanmanWorkstation - ok
21:45:24.0656 6716	LBTServ         (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
21:45:24.0665 6716	LBTServ - ok
21:45:24.0691 6716	LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:45:24.0697 6716	LHidFilt - ok
21:45:24.0707 6716	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:45:24.0732 6716	lltdio - ok
21:45:24.0763 6716	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:45:24.0786 6716	lltdsvc - ok
21:45:24.0789 6716	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:45:24.0810 6716	lmhosts - ok
21:45:24.0814 6716	LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:45:24.0819 6716	LMouFilt - ok
21:45:24.0829 6716	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:45:24.0835 6716	LSI_FC - ok
21:45:24.0844 6716	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:45:24.0851 6716	LSI_SAS - ok
21:45:24.0855 6716	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:45:24.0862 6716	LSI_SAS2 - ok
21:45:24.0868 6716	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:45:24.0875 6716	LSI_SCSI - ok
21:45:24.0882 6716	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:45:24.0903 6716	luafv - ok
21:45:24.0907 6716	LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
21:45:24.0912 6716	LUsbFilt - ok
21:45:24.0945 6716	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:45:24.0950 6716	MBAMProtector - ok
21:45:25.0000 6716	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:45:25.0012 6716	MBAMService - ok
21:45:25.0014 6716	MBfilt - ok
21:45:25.0044 6716	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:45:25.0052 6716	Mcx2Svc - ok
21:45:25.0055 6716	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:45:25.0061 6716	megasas - ok
21:45:25.0076 6716	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:45:25.0085 6716	MegaSR - ok
21:45:25.0109 6716	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:45:25.0114 6716	MEIx64 - ok
21:45:25.0128 6716	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:45:25.0151 6716	MMCSS - ok
21:45:25.0175 6716	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:45:25.0195 6716	Modem - ok
21:45:25.0213 6716	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:45:25.0221 6716	monitor - ok
21:45:25.0249 6716	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:45:25.0254 6716	mouclass - ok
21:45:25.0257 6716	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:45:25.0264 6716	mouhid - ok
21:45:25.0281 6716	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:45:25.0287 6716	mountmgr - ok
21:45:25.0319 6716	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:45:25.0325 6716	MozillaMaintenance - ok
21:45:25.0365 6716	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:45:25.0373 6716	MpFilter - ok
21:45:25.0382 6716	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:45:25.0389 6716	mpio - ok
21:45:25.0409 6716	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:45:25.0430 6716	mpsdrv - ok
21:45:25.0478 6716	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:45:25.0506 6716	MpsSvc - ok
21:45:25.0642 6716	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:45:25.0662 6716	MRxDAV - ok
21:45:25.0695 6716	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:45:25.0708 6716	mrxsmb - ok
21:45:25.0773 6716	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:45:25.0790 6716	mrxsmb10 - ok
21:45:25.0800 6716	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:45:25.0813 6716	mrxsmb20 - ok
21:45:25.0818 6716	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
21:45:25.0829 6716	msahci - ok
21:45:25.0876 6716	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:45:25.0890 6716	msdsm - ok
21:45:25.0955 6716	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:45:25.0971 6716	MSDTC - ok
21:45:25.0979 6716	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:45:26.0006 6716	Msfs - ok
21:45:26.0017 6716	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:45:26.0037 6716	mshidkmdf - ok
21:45:26.0038 6716	MSICDSetup - ok
21:45:26.0041 6716	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:45:26.0046 6716	msisadrv - ok
21:45:26.0076 6716	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:45:26.0097 6716	MSiSCSI - ok
21:45:26.0098 6716	msiserver - ok
21:45:26.0153 6716	MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
21:45:26.0164 6716	MSI_MSIBIOS_010507 - ok
21:45:26.0180 6716	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:45:26.0213 6716	MSKSSRV - ok
21:45:26.0267 6716	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:45:26.0278 6716	MsMpSvc - ok
21:45:26.0282 6716	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:45:26.0309 6716	MSPCLOCK - ok
21:45:26.0311 6716	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:45:26.0333 6716	MSPQM - ok
21:45:26.0352 6716	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:45:26.0361 6716	MsRPC - ok
21:45:26.0367 6716	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:45:26.0373 6716	mssmbios - ok
21:45:26.0375 6716	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:45:26.0395 6716	MSTEE - ok
21:45:26.0397 6716	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:45:26.0403 6716	MTConfig - ok
21:45:26.0413 6716	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:45:26.0418 6716	Mup - ok
21:45:26.0430 6716	mv91cons        (e53d9ab63917338d7ffe12e85310a636) C:\Windows\system32\DRIVERS\mv91cons.sys
21:45:26.0434 6716	mv91cons - ok
21:45:26.0455 6716	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
21:45:26.0462 6716	mv91xx - ok
21:45:26.0535 6716	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:45:26.0571 6716	napagent - ok
21:45:26.0585 6716	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:45:26.0596 6716	NativeWifiP - ok
21:45:26.0627 6716	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:45:26.0641 6716	NDIS - ok
21:45:26.0645 6716	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:45:26.0665 6716	NdisCap - ok
21:45:26.0676 6716	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:45:26.0696 6716	NdisTapi - ok
21:45:26.0724 6716	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:45:26.0743 6716	Ndisuio - ok
21:45:26.0770 6716	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:45:26.0807 6716	NdisWan - ok
21:45:26.0823 6716	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:45:26.0842 6716	NDProxy - ok
21:45:26.0846 6716	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:45:26.0866 6716	NetBIOS - ok
21:45:26.0880 6716	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:45:26.0901 6716	NetBT - ok
21:45:26.0923 6716	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:45:26.0929 6716	Netlogon - ok
21:45:26.0962 6716	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:45:26.0985 6716	Netman - ok
21:45:27.0086 6716	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:27.0097 6716	NetMsmqActivator - ok
21:45:27.0101 6716	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:27.0109 6716	NetPipeActivator - ok
21:45:27.0133 6716	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:45:27.0169 6716	netprofm - ok
21:45:27.0172 6716	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:27.0179 6716	NetTcpActivator - ok
21:45:27.0181 6716	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:45:27.0188 6716	NetTcpPortSharing - ok
21:45:27.0203 6716	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:45:27.0209 6716	nfrd960 - ok
21:45:27.0241 6716	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:45:27.0247 6716	NisDrv - ok
21:45:27.0307 6716	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:45:27.0317 6716	NisSrv - ok
21:45:27.0332 6716	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:45:27.0354 6716	NlaSvc - ok
21:45:27.0371 6716	nm3             (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
21:45:27.0377 6716	nm3 - ok
21:45:27.0384 6716	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:45:27.0405 6716	Npfs - ok
21:45:27.0408 6716	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:45:27.0428 6716	nsi - ok
21:45:27.0431 6716	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:45:27.0450 6716	nsiproxy - ok
21:45:27.0543 6716	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:45:27.0574 6716	Ntfs - ok
21:45:27.0583 6716	NTIOLib_1_0_3 - ok
21:45:27.0618 6716	NTIOLib_1_0_4   (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
21:45:27.0623 6716	NTIOLib_1_0_4 - ok
21:45:27.0662 6716	NTIOLib_1_0_6   (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7681v1G0\NTIOLib_X64.sys
21:45:27.0666 6716	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - warning
21:45:27.0666 6716	NTIOLib_1_0_6 - detected UnsignedFile.Multi.Generic (1)
21:45:27.0704 6716	ntk_PowerDVD    (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
21:45:27.0714 6716	ntk_PowerDVD - ok
21:45:27.0749 6716	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:45:27.0785 6716	Null - ok
21:45:27.0805 6716	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:45:27.0811 6716	nusb3hub - ok
21:45:27.0844 6716	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:45:27.0850 6716	nusb3xhc - ok
21:45:27.0880 6716	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:45:27.0892 6716	nvraid - ok
21:45:27.0918 6716	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:45:27.0930 6716	nvstor - ok
21:45:27.0992 6716	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:45:28.0005 6716	nv_agp - ok
21:45:28.0013 6716	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:45:28.0025 6716	ohci1394 - ok
21:45:28.0170 6716	OODefragAgent   (edd196bf2ee1f18af1bedcf68d12025f) C:\Program Files\OO Software\Defrag\oodag.exe
21:45:28.0209 6716	OODefragAgent - ok
21:45:28.0235 6716	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:28.0240 6716	ose - ok
21:45:28.0363 6716	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:45:28.0421 6716	osppsvc - ok
21:45:28.0466 6716	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:28.0477 6716	p2pimsvc - ok
21:45:28.0488 6716	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:45:28.0498 6716	p2psvc - ok
21:45:28.0514 6716	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:45:28.0521 6716	Parport - ok
21:45:28.0565 6716	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:45:28.0571 6716	partmgr - ok
21:45:28.0610 6716	PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:45:28.0614 6716	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:45:28.0614 6716	PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:45:28.0627 6716	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:45:28.0644 6716	PcaSvc - ok
21:45:28.0655 6716	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:45:28.0667 6716	pci - ok
21:45:28.0670 6716	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:45:28.0678 6716	pciide - ok
21:45:28.0691 6716	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:45:28.0698 6716	pcmcia - ok
21:45:28.0702 6716	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:45:28.0708 6716	pcw - ok
21:45:28.0727 6716	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:45:28.0752 6716	PEAUTH - ok
21:45:28.0827 6716	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:45:28.0849 6716	PeerDistSvc - ok
21:45:28.0894 6716	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:45:28.0902 6716	PerfHost - ok
21:45:29.0005 6716	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:45:29.0043 6716	pla - ok
21:45:29.0069 6716	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:45:29.0078 6716	PlugPlay - ok
21:45:29.0080 6716	PnkBstrA - ok
21:45:29.0083 6716	PnkBstrB - ok
21:45:29.0086 6716	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:45:29.0093 6716	PNRPAutoReg - ok
21:45:29.0124 6716	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:45:29.0133 6716	PNRPsvc - ok
21:45:29.0147 6716	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:45:29.0171 6716	PolicyAgent - ok
21:45:29.0181 6716	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:45:29.0203 6716	Power - ok
21:45:29.0218 6716	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:29.0238 6716	PptpMiniport - ok
21:45:29.0262 6716	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:45:29.0268 6716	Processor - ok
21:45:29.0280 6716	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:45:29.0301 6716	ProfSvc - ok
21:45:29.0327 6716	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:45:29.0334 6716	ProtectedStorage - ok
21:45:29.0350 6716	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:45:29.0371 6716	Psched - ok
21:45:29.0443 6716	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:45:29.0462 6716	ql2300 - ok
21:45:29.0558 6716	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:45:29.0571 6716	ql40xx - ok
21:45:29.0622 6716	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:45:29.0644 6716	QWAVE - ok
21:45:29.0650 6716	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:45:29.0668 6716	QWAVEdrv - ok
21:45:29.0698 6716	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
21:45:29.0712 6716	RapiMgr - ok
21:45:29.0732 6716	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:45:29.0775 6716	RasAcd - ok
21:45:29.0798 6716	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:45:29.0835 6716	RasAgileVpn - ok
21:45:29.0841 6716	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:45:29.0861 6716	RasAuto - ok
21:45:29.0865 6716	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:45:29.0885 6716	Rasl2tp - ok
21:45:29.0901 6716	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:45:29.0922 6716	RasMan - ok
21:45:29.0926 6716	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:45:29.0946 6716	RasPppoe - ok
21:45:29.0949 6716	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:45:29.0969 6716	RasSstp - ok
21:45:29.0979 6716	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:45:30.0000 6716	rdbss - ok
21:45:30.0003 6716	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:45:30.0011 6716	rdpbus - ok
21:45:30.0032 6716	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:45:30.0052 6716	RDPCDD - ok
21:45:30.0083 6716	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:45:30.0090 6716	RDPDR - ok
21:45:30.0093 6716	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:45:30.0112 6716	RDPENCDD - ok
21:45:30.0115 6716	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:45:30.0135 6716	RDPREFMP - ok
21:45:30.0161 6716	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:45:30.0167 6716	RdpVideoMiniport - ok
21:45:30.0214 6716	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:45:30.0222 6716	RDPWD - ok
21:45:30.0247 6716	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:45:30.0255 6716	rdyboost - ok
21:45:30.0275 6716	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:45:30.0299 6716	RemoteAccess - ok
21:45:30.0311 6716	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:45:30.0332 6716	RemoteRegistry - ok
21:45:30.0338 6716	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:45:30.0359 6716	RpcEptMapper - ok
21:45:30.0369 6716	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:45:30.0376 6716	RpcLocator - ok
21:45:30.0398 6716	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:45:30.0422 6716	RpcSs - ok
21:45:30.0427 6716	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:45:30.0447 6716	rspndr - ok
21:45:30.0481 6716	RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:45:30.0491 6716	RTL8167 - ok
21:45:30.0518 6716	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:45:30.0528 6716	s3cap - ok
21:45:30.0560 6716	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:45:30.0573 6716	SamSs - ok
21:45:30.0597 6716	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:45:30.0610 6716	sbp2port - ok
21:45:30.0623 6716	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:45:30.0657 6716	SCardSvr - ok
21:45:30.0678 6716	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:45:30.0702 6716	scfilter - ok
21:45:30.0763 6716	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:45:30.0805 6716	Schedule - ok
21:45:30.0820 6716	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:45:30.0840 6716	SCPolicySvc - ok
21:45:30.0856 6716	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:45:30.0863 6716	SDRSVC - ok
21:45:30.0895 6716	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:45:30.0915 6716	secdrv - ok
21:45:30.0930 6716	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:45:30.0950 6716	seclogon - ok
21:45:30.0954 6716	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:45:30.0975 6716	SENS - ok
21:45:30.0978 6716	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:45:30.0984 6716	SensrSvc - ok
21:45:30.0987 6716	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:45:30.0993 6716	Serenum - ok
21:45:31.0008 6716	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:45:31.0014 6716	Serial - ok
21:45:31.0017 6716	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:45:31.0023 6716	sermouse - ok
21:45:31.0037 6716	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:45:31.0057 6716	SessionEnv - ok
21:45:31.0129 6716	SetupARService  (18a4eb256e35a6dd233c4d005835879a) C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
21:45:31.0132 6716	SetupARService ( UnsignedFile.Multi.Generic ) - warning
21:45:31.0133 6716	SetupARService - detected UnsignedFile.Multi.Generic (1)
21:45:31.0136 6716	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:45:31.0148 6716	sffdisk - ok
21:45:31.0151 6716	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:45:31.0163 6716	sffp_mmc - ok
21:45:31.0166 6716	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:45:31.0181 6716	sffp_sd - ok
21:45:31.0184 6716	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:45:31.0190 6716	sfloppy - ok
21:45:31.0209 6716	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:45:31.0232 6716	SharedAccess - ok
21:45:31.0249 6716	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:45:31.0271 6716	ShellHWDetection - ok
21:45:31.0274 6716	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:45:31.0280 6716	SiSRaid2 - ok
21:45:31.0285 6716	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:45:31.0290 6716	SiSRaid4 - ok
21:45:31.0333 6716	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:45:31.0344 6716	SkypeUpdate - ok
21:45:31.0352 6716	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:45:31.0393 6716	Smb - ok
21:45:31.0399 6716	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:45:31.0406 6716	SNMPTRAP - ok
21:45:31.0426 6716	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:45:31.0432 6716	spldr - ok
21:45:31.0457 6716	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:45:31.0481 6716	Spooler - ok
21:45:31.0576 6716	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:45:31.0623 6716	sppsvc - ok
21:45:31.0694 6716	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:45:31.0729 6716	sppuinotify - ok
21:45:31.0765 6716	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:45:31.0774 6716	srv - ok
21:45:31.0802 6716	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:45:31.0811 6716	srv2 - ok
21:45:31.0824 6716	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:45:31.0832 6716	srvnet - ok
21:45:31.0852 6716	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:45:31.0876 6716	SSDPSRV - ok
21:45:31.0892 6716	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:45:31.0913 6716	SstpSvc - ok
21:45:31.0917 6716	Steam Client Service - ok
21:45:31.0921 6716	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:45:31.0926 6716	stexstor - ok
21:45:31.0957 6716	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:45:31.0972 6716	stisvc - ok
21:45:31.0977 6716	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:45:31.0983 6716	storflt - ok
21:45:31.0986 6716	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:45:31.0992 6716	storvsc - ok
21:45:32.0007 6716	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:45:32.0012 6716	swenum - ok
21:45:32.0051 6716	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:45:32.0090 6716	swprv - ok
21:45:32.0092 6716	Synth3dVsc - ok
21:45:32.0332 6716	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:45:32.0363 6716	SysMain - ok
21:45:32.0406 6716	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:45:32.0420 6716	TabletInputService - ok
21:45:32.0437 6716	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:45:32.0470 6716	TapiSrv - ok
21:45:32.0476 6716	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:45:32.0497 6716	TBS - ok
21:45:32.0577 6716	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:45:32.0620 6716	Tcpip - ok
21:45:32.0710 6716	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:45:32.0741 6716	TCPIP6 - ok
21:45:32.0804 6716	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:45:32.0838 6716	tcpipreg - ok
21:45:32.0862 6716	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:45:32.0868 6716	TDPIPE - ok
21:45:32.0907 6716	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:45:32.0914 6716	TDTCP - ok
21:45:32.0940 6716	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:45:32.0960 6716	tdx - ok
21:45:32.0969 6716	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:45:32.0975 6716	TermDD - ok
21:45:33.0026 6716	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:45:33.0074 6716	TermService - ok
21:45:33.0079 6716	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:45:33.0090 6716	Themes - ok
21:45:33.0129 6716	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:45:33.0166 6716	THREADORDER - ok
21:45:33.0174 6716	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:45:33.0195 6716	TrkWks - ok
21:45:33.0225 6716	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:45:33.0259 6716	TrustedInstaller - ok
21:45:33.0264 6716	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:45:33.0283 6716	tssecsrv - ok
21:45:33.0311 6716	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:45:33.0323 6716	TsUsbFlt - ok
21:45:33.0327 6716	tsusbhub - ok
21:45:33.0353 6716	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:45:33.0385 6716	tunnel - ok
21:45:33.0434 6716	TwonkyProxy - ok
21:45:33.0438 6716	TwonkyServer - ok
21:45:33.0442 6716	TwonkyWebDav - ok
21:45:33.0502 6716	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:45:33.0514 6716	uagp35 - ok
21:45:33.0537 6716	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:45:33.0582 6716	udfs - ok
21:45:33.0587 6716	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:45:33.0595 6716	UI0Detect - ok
21:45:33.0599 6716	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:45:33.0605 6716	uliagpkx - ok
21:45:33.0709 6716	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:45:33.0723 6716	umbus - ok
21:45:33.0741 6716	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:45:33.0754 6716	UmPass - ok
21:45:33.0768 6716	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:45:33.0785 6716	UmRdpService - ok
21:45:33.0849 6716	UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
21:45:33.0858 6716	UnlockerDriver5 - ok
21:45:33.0878 6716	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:45:33.0918 6716	upnphost - ok
21:45:33.0940 6716	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:45:33.0943 6716	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:45:33.0943 6716	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:45:33.0957 6716	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:45:33.0965 6716	usbaudio - ok
21:45:33.0978 6716	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:45:33.0984 6716	usbccgp - ok
21:45:33.0991 6716	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:45:33.0999 6716	usbcir - ok
21:45:34.0058 6716	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:45:34.0070 6716	usbehci - ok
21:45:34.0090 6716	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:45:34.0100 6716	usbhub - ok
21:45:34.0125 6716	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:45:34.0132 6716	usbohci - ok
21:45:34.0136 6716	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:45:34.0145 6716	usbprint - ok
21:45:34.0157 6716	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:45:34.0165 6716	USBSTOR - ok
21:45:34.0168 6716	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:45:34.0175 6716	usbuhci - ok
21:45:34.0200 6716	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:45:34.0209 6716	usb_rndisx - ok
21:45:34.0232 6716	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:45:34.0260 6716	UxSms - ok
21:45:34.0280 6716	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:45:34.0287 6716	VaultSvc - ok
21:45:34.0306 6716	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:45:34.0312 6716	vdrvroot - ok
21:45:34.0345 6716	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:45:34.0370 6716	vds - ok
21:45:34.0374 6716	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:45:34.0382 6716	vga - ok
21:45:34.0427 6716	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:45:34.0462 6716	VgaSave - ok
21:45:34.0464 6716	VGPU - ok
21:45:34.0477 6716	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:45:34.0485 6716	vhdmp - ok
21:45:34.0488 6716	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:45:34.0493 6716	viaide - ok
21:45:34.0506 6716	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:45:34.0513 6716	vmbus - ok
21:45:34.0516 6716	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:45:34.0522 6716	VMBusHID - ok
21:45:34.0528 6716	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:45:34.0534 6716	volmgr - ok
21:45:34.0557 6716	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:45:34.0565 6716	volmgrx - ok
21:45:34.0581 6716	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:45:34.0589 6716	volsnap - ok
21:45:34.0622 6716	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
21:45:34.0629 6716	vpcbus - ok
21:45:34.0645 6716	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:45:34.0652 6716	vpcnfltr - ok
21:45:34.0660 6716	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
21:45:34.0667 6716	vpcusb - ok
21:45:34.0670 6716	vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
21:45:34.0676 6716	vpcuxd - ok
21:45:34.0693 6716	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
21:45:34.0703 6716	vpcvmm - ok
21:45:34.0713 6716	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:45:34.0720 6716	vsmraid - ok
21:45:34.0796 6716	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:45:34.0834 6716	VSS - ok
21:45:34.0896 6716	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:45:34.0910 6716	vwifibus - ok
21:45:34.0931 6716	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:45:34.0966 6716	W32Time - ok
21:45:34.0995 6716	W3SVC           (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:45:35.0004 6716	W3SVC - ok
21:45:35.0008 6716	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:45:35.0014 6716	WacomPen - ok
21:45:35.0030 6716	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:35.0050 6716	WANARP - ok
21:45:35.0052 6716	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:45:35.0071 6716	Wanarpv6 - ok
21:45:35.0074 6716	WAS             (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
21:45:35.0083 6716	WAS - ok
21:45:35.0140 6716	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:45:35.0175 6716	WatAdminSvc - ok
21:45:35.0263 6716	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:45:35.0294 6716	wbengine - ok
21:45:35.0325 6716	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:45:35.0339 6716	WbioSrvc - ok
21:45:35.0387 6716	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
21:45:35.0405 6716	WcesComm - ok
21:45:35.0426 6716	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:45:35.0439 6716	wcncsvc - ok
21:45:35.0443 6716	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:45:35.0450 6716	WcsPlugInService - ok
21:45:35.0477 6716	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:45:35.0482 6716	Wd - ok
21:45:35.0518 6716	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:45:35.0529 6716	Wdf01000 - ok
21:45:35.0537 6716	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:45:35.0548 6716	WdiServiceHost - ok
21:45:35.0550 6716	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:45:35.0560 6716	WdiSystemHost - ok
21:45:35.0576 6716	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:45:35.0588 6716	WebClient - ok
21:45:35.0600 6716	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:45:35.0622 6716	Wecsvc - ok
21:45:35.0627 6716	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:45:35.0648 6716	wercplsupport - ok
21:45:35.0654 6716	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:45:35.0674 6716	WerSvc - ok
21:45:35.0684 6716	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:45:35.0703 6716	WfpLwf - ok
21:45:35.0727 6716	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:45:35.0733 6716	WIMMount - ok
21:45:35.0737 6716	WinDefend - ok
21:45:35.0740 6716	WinHttpAutoProxySvc - ok
21:45:35.0777 6716	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:45:35.0812 6716	Winmgmt - ok
21:45:35.0920 6716	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:45:35.0967 6716	WinRM - ok
21:45:36.0017 6716	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:45:36.0033 6716	WinUsb - ok
21:45:36.0077 6716	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:45:36.0106 6716	Wlansvc - ok
21:45:36.0234 6716	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:45:36.0268 6716	wlidsvc - ok
21:45:36.0314 6716	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
21:45:36.0324 6716	WmBEnum - ok
21:45:36.0345 6716	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
21:45:36.0354 6716	WmFilter - ok
21:45:36.0372 6716	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:45:36.0384 6716	WmiAcpi - ok
21:45:36.0413 6716	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:45:36.0430 6716	wmiApSrv - ok
21:45:36.0441 6716	WMPNetworkSvc - ok
21:45:36.0445 6716	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
21:45:36.0450 6716	WmVirHid - ok
21:45:36.0457 6716	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
21:45:36.0463 6716	WmXlCore - ok
21:45:36.0469 6716	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:45:36.0477 6716	WPCSvc - ok
21:45:36.0492 6716	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:45:36.0502 6716	WPDBusEnum - ok
21:45:36.0529 6716	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:45:36.0554 6716	ws2ifsl - ok
21:45:36.0561 6716	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:45:36.0571 6716	wscsvc - ok
21:45:36.0573 6716	WSearch - ok
21:45:36.0640 6716	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:45:36.0683 6716	wuauserv - ok
21:45:36.0727 6716	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:45:36.0751 6716	WudfPf - ok
21:45:36.0773 6716	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:45:36.0795 6716	WUDFRd - ok
21:45:36.0802 6716	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:45:36.0827 6716	wudfsvc - ok
21:45:36.0842 6716	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:45:36.0853 6716	WwanSvc - ok
21:45:36.0903 6716	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl
21:45:36.0914 6716	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
21:45:36.0929 6716	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:45:37.0107 6716	\Device\Harddisk0\DR0 - ok
21:45:37.0110 6716	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:45:37.0139 6716	\Device\Harddisk1\DR1 - ok
21:45:37.0142 6716	Boot (0x1200)   (6112cfafcb084d9fa421e9a45a3432f0) \Device\Harddisk0\DR0\Partition0
21:45:37.0143 6716	\Device\Harddisk0\DR0\Partition0 - ok
21:45:37.0170 6716	Boot (0x1200)   (44ae5cabcda59a4331db0737efc80198) \Device\Harddisk0\DR0\Partition1
21:45:37.0172 6716	\Device\Harddisk0\DR0\Partition1 - ok
21:45:37.0175 6716	Boot (0x1200)   (e8ab15c8c510644298abc8bd7049d262) \Device\Harddisk1\DR1\Partition0
21:45:37.0177 6716	\Device\Harddisk1\DR1\Partition0 - ok
21:45:37.0177 6716	============================================================
21:45:37.0177 6716	Scan finished
21:45:37.0177 6716	============================================================
21:45:37.0184 6324	Detected object count: 4
21:45:37.0184 6324	Actual detected object count: 4
21:45:44.0345 6324	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:44.0345 6324	NTIOLib_1_0_6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:44.0346 6324	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:44.0346 6324	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:44.0347 6324	SetupARService ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:44.0347 6324	SetupARService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:45:44.0348 6324	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:45:44.0349 6324	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
