
Log analysis and evaluation: Ransom Trojan is not removed by Malwarebytes

01.07.2012, 03:09   #1
MelficeOne
 
Ransom Trojan is not removed by Malwarebytes



I recently ran into the following problem: yesterday (Friday) I wanted to watch anime (the latest episode of Fate Zero) and found that MPC stays black. I do get sound, but no picture.
I figured the FFD video codec was acting up and reinstalled the CCCP. No help.
Another player: black with sound.

When I ran a quick scan of the system with Malwarebytes, it reported one finding.

Quote:
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken.
I had Malwarebytes delete this registry value (default operation) and restarted the computer as requested.
Right after the restart (still during the autostart routine) I played a video and, lo and behold, sound and picture! But during the routine the picture suddenly went black. I ran Malwarebytes again and it found the same error. Same procedure; this time, after booting, I checked whether it could be deleted via the Administrator account. Admin finds nothing.

So I googled the error and came up with all sorts of results, from reinstalling the system to changing access permissions to posting log files (here).

I'm currently stumped. Since ransom Trojans apparently "take down" and lock the computer at some point, I would like to prevent that as far as possible...

Attached is the OTL.txt
Code:
OTL logfile created on: 01.07.2012 03:25:00 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free
14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.01 03:20:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.06.04 16:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
PRC - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2011.05.26 00:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.07 13:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011.04.05 19:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010.12.09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.06.19 12:29:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.01 23:29:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.21 18:28:20 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010.11.29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.09.29 10:36:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.26 01:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 23:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 11:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.02.08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.24 07:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009.06.15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}
IE:64bit: - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}
IE - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fakku.net/viewforum.php?f=105
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5FA600C7-EA20-4F25-A8D3-C42A8520102A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{4FFF1A03-D54F-4070-B6D9-A1792386A1F8}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{57B705F0-4A7D-4C63-AC4D-F6E48C646FED}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{5FA600C7-EA20-4F25-A8D3-C42A8520102A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.orbitdownloader.com"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Melfice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 18:29:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 23:29:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.26 18:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Extensions
[2012.07.01 00:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions
[2011.09.28 20:43:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions\ffxtlbr@Facemoods.com
[2011.10.23 09:59:14 | 000,000,679 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\tokyo-toshokan.xml
[2011.10.23 14:31:51 | 000,001,330 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wikipedia-en.xml
[2011.11.05 23:46:47 | 000,001,997 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wolframalpha.xml
[2011.10.09 23:42:09 | 000,002,057 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\youtube-videosuche.xml
[2012.01.08 20:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.31 20:00:00 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MELFICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G039WQU1.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.05.01 23:29:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 19:03:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 19:03:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 19:03:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.28 20:43:26 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.03.19 19:03:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 19:03:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 19:03:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) -  File not found
F3 - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AFD53F0-5698-4625-9937-FF29252BADB0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44CF995-588F-43B3-BE47-2C119E943906}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.24 10:01:18 | 000,000,027 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2008.06.24 10:01:18 | 000,063,488 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.01 00:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.01 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\GRETECH
[2012.07.01 00:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012.07.01 00:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2012.06.30 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FEE76892-DA96-44B9-B0A4-5C0CDEF4B389}
[2012.06.30 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6514B212-6F1D-468E-984A-151981F95925}
[2012.06.30 01:40:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{1B773419-4E56-4B0C-8C57-A708D733E2EE}
[2012.06.30 01:40:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{13868A62-1B13-48B0-957B-69C681809D09}
[2012.06.30 01:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\ManyCam
[2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012.06.30 01:26:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\ManyCam
[2012.06.30 01:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.06.30 01:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.06.30 01:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2012.06.30 01:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.06.29 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\Analogue A Hate Story
[2012.06.29 21:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2012.06.29 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2012.06.29 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0051FE67-E0AB-46FF-BB59-45D112B7295B}
[2012.06.29 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E146B3EA-F0E8-4DB4-8F19-C372CA2B9007}
[2012.06.29 01:37:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8545240C-3F6F-4036-AB25-EF66200BC8EA}
[2012.06.29 01:36:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58ABBF1C-AB02-47C4-B3A8-D68092CFE16B}
[2012.06.28 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B00DF739-BBDB-4D15-A724-F8F43A9A3723}
[2012.06.28 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B147D393-1907-4966-AA52-D24964517A61}
[2012.06.28 01:35:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F9ABD92F-459B-4A6C-B013-9501ECCEA48C}
[2012.06.28 01:35:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EE86CEBD-E193-44EB-8474-DEC8D97CF922}
[2012.06.27 13:34:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FAB88ECC-C41B-4C87-BDB7-CC5835B55483}
[2012.06.27 13:33:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{911E60D8-EFB9-45A7-9F70-7E638143CFE8}
[2012.06.27 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{35E5AD25-1727-4F1E-8017-C1562B01E8EC}
[2012.06.27 01:32:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B7367BBE-E951-4E12-B091-AC2148501AE9}
[2012.06.26 13:32:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A67A434-CC40-4B09-A03D-D40B5E3C8E46}
[2012.06.26 13:31:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A5F31274-A3C3-4050-8D16-F8E49675EFA2}
[2012.06.26 01:31:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{88CE3ACC-A86A-4BB6-BF6F-373DE3FADB94}
[2012.06.26 01:30:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{30645A4D-A81C-47C2-BA1C-CF845E0D7768}
[2012.06.25 13:30:20 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{062E811F-AD77-4AA9-8A9C-4B617A1A5882}
[2012.06.25 13:29:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9C120173-61E5-48AB-B9D9-4D1C97E515AC}
[2012.06.25 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{ED1B8300-91A1-423E-B40E-BB5CD49E8F54}
[2012.06.25 01:28:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{974702BF-A534-4EF6-8DF1-16074AFBC8EA}
[2012.06.24 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{512CC663-6BB6-436E-A3D3-5C339A4ADD7B}
[2012.06.24 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9E2E322A-3CEC-43A5-8582-1540896DAC7A}
[2012.06.24 01:25:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{79523661-97A4-4F88-ABB8-A45F3A72ED0F}
[2012.06.24 01:25:07 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0DC38E9-9B2C-4AB1-A5F3-1094FC2CA94E}
[2012.06.23 14:25:53 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Macromedia
[2012.06.23 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7F5E8616-5F01-48FD-A6A5-D8DA99111896}
[2012.06.23 13:23:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB9A02BD-1D11-4629-9E36-A8B292B62FC0}
[2012.06.22 12:20:48 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{25D7380A-952A-4BBC-B7AC-7EA86DB57EBB}
[2012.06.22 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EEB89AAF-EAA1-408E-9581-A08CC041B6C5}
[2012.06.22 00:19:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8A5F398A-7040-47D5-A85B-E9EC119F38D3}
[2012.06.22 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DE125F2F-5A40-4B1F-9D2C-AC9416D5EEBC}
[2012.06.21 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58D0E221-688B-4116-A287-0EA62F99E151}
[2012.06.21 12:18:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CA345B44-58A7-4D15-8C09-ECADA4FEFA6B}
[2012.06.21 00:17:52 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0B1F1B87-0F04-43D7-833F-C76574BADCB6}
[2012.06.21 00:17:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E6EA62EB-6562-46D6-9F49-F45AF20A4158}
[2012.06.20 14:14:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utawarerumono
[2012.06.20 12:17:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{4854B39A-9788-4D00-AB68-2FDF2BA416FD}
[2012.06.20 12:16:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A87B4A2-EB28-489A-BC10-62C0CE540A10}
[2012.06.20 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E55E4B59-4D60-4190-BA4B-BCC2E1C8F494}
[2012.06.20 00:16:02 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3827E545-A0C2-4950-9EE9-2BD0F23CAE1D}
[2012.06.19 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3F503903-967C-419B-927A-FE5BD371B0F7}
[2012.06.19 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F723E167-DF5B-4F60-AF01-1F3D63CD2E63}
[2012.06.19 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{11067D98-7347-472F-9234-6B4D378898D6}
[2012.06.18 12:14:10 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0289FF9-A365-4B22-B951-357A35B4A801}
[2012.06.18 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{72F1BC5B-4962-4F4F-8E65-FD122880DC55}
[2012.06.17 12:13:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A16F32DD-1F1A-46E4-B5AF-1227F9B574E6}
[2012.06.17 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B37E051B-796E-43D9-A761-3BC65D8EB63E}
[2012.06.16 12:12:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{05BCBCAB-0CE7-40D1-A357-2EE08764E2BB}
[2012.06.16 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7610E6BF-0FC9-49E0-8A81-6DCE7D3734F7}
[2012.06.15 12:11:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{958013EF-9288-45E1-AE82-8A0C3E6D9E95}
[2012.06.15 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0C68E6CC-B8AA-42E3-A4F6-160B09D49B0C}
[2012.06.15 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8D6E6181-7212-42D0-9C9C-C5C71D70DBD7}
[2012.06.14 12:14:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{166A36BF-D053-4653-8D1F-2390CBDAB7D1}
[2012.06.14 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E551CABB-4068-4FF7-A01A-071E2EB7FFD9}
[2012.06.14 00:14:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B5140EDE-58C7-49F8-B9A2-C3522B628E1C}
[2012.06.13 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{C845AADD-2F5C-4C1B-82A6-2327B47045F1}
[2012.06.13 12:13:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6D4143CD-FBF9-40BB-A67E-E129645438D7}
[2012.06.13 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{133AB30C-21F5-4184-B439-D2EEEEAB62A9}
[2012.06.13 00:12:16 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6E7127A2-7ACB-4463-8CC8-5F16226CD3D8}
[2012.06.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor
[2012.06.12 15:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.12 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Braid
[2012.06.12 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CD8C87AA-F9A5-43CB-8B34-4FEB0967A747}
[2012.06.12 12:11:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{68431AE7-D464-47D3-9A0D-D1D32C98ADA3}
[2012.06.12 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E3863E3F-6A9B-4448-8385-016A4DD43343}
[2012.06.12 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{17638C12-D358-447B-8AB3-B265382F1AEF}
[2012.06.11 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB6083E2-C4BE-42D9-BED0-8DEDB127F13C}
[2012.06.11 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DDF53304-095A-4812-8B53-8CC0BE03124C}
[2012.06.11 00:10:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{34B8DB33-D755-486B-AE7C-C0606B03C559}
[2012.06.10 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.10 23:55:52 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.06.10 23:55:40 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.06.10 23:55:28 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.06.10 23:55:13 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.06.09 07:37:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E11E790B-FEE6-49CB-BA0F-B4D1D6333B67}
[2012.06.09 07:36:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CF48BCAB-C1E7-4170-9D42-AAF5103BCE8C}
[2012.06.07 00:23:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{91BE13D7-BB26-4387-B682-39E81ADA46A2}
[2012.06.07 00:23:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC665A4C-F21E-4A63-8EBC-E9D92832410E}
[2012.06.05 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\InstallShield Installation Information
[2012.06.05 03:46:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9DACE0FC-DC2A-4735-A36B-B0EADCCF9079}
[2012.06.05 03:46:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A1CFC0EA-011D-4C61-8B5E-43285CE19ED7}
[2012.06.04 18:53:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Procaster
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2012.06.04 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3A701C01-6E49-4BCA-9674-13023D68E7B8}
[2012.06.04 00:12:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{06082C70-C4E4-4371-B6D9-EF374CB9EDB0}
[2012.06.03 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC022DF7-119A-4104-B5E3-6D741A2BFDFA}
[2012.06.03 16:16:14 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{D61D8835-4874-4D27-9B4F-B042D6AC117D}
[2012.06.02 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\LoLItemChanger
[2012.06.02 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LolClient2
[2012.06.02 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{52CF7BA2-ED15-40BC-93D8-F168102449F1}
[2012.06.02 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B44E830B-54CB-49D0-BA18-612F0064BB77}
[2012.06.01 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Documents\ProE
[2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe_
[2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.01 03:17:41 | 000,000,168 | ---- | M] () -- C:\Users\Melfice\defogger_reenable
[2012.07.01 03:08:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 02:56:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 02:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 02:44:30 | 1725,063,167 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.01 00:19:01 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.06.30 17:04:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 17:04:13 | 000,686,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 17:04:13 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 17:04:13 | 000,147,668 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 17:04:13 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 01:27:31 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.24 14:37:19 | 000,000,123 | ---- | M] () -- C:\Users\Melfice\Documents\std.out
[2012.06.23 14:15:59 | 000,000,012 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat
[2012.06.23 13:33:27 | 000,374,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.23 13:31:08 | 000,000,844 | ---- | M] () -- C:\Users\Melfice\Documents\Dokument5.rtf
[2012.06.20 14:14:54 | 000,000,750 | ---- | M] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk
[2012.06.19 15:33:40 | 000,000,061 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello.vbs
[2012.06.17 16:43:15 | 000,000,756 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello2.vbs
[2012.06.15 20:14:59 | 000,012,057 | ---- | M] () -- C:\Users\Melfice\Documents\remys book.odt
[2012.06.15 02:58:01 | 000,005,771 | ---- | M] () -- C:\Users\Melfice\Desktop\for remy.rtf
[2012.06.06 12:43:35 | 000,454,603 | ---- | M] () -- C:\Users\Melfice\Desktop\Scan0001.pdf
[2012.06.05 03:49:28 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012.06.04 20:10:49 | 000,000,221 | ---- | M] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url
[2012.06.04 18:53:39 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2012.06.03 23:52:40 | 622,321,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.03 17:56:20 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk
[2012.06.02 16:37:14 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.02 16:36:36 | 000,001,030 | ---- | M] () -- C:\Users\Melfice\Desktop\Dropbox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.01 03:17:41 | 000,000,168 | ---- | C] () -- C:\Users\Melfice\defogger_reenable
[2012.07.01 00:19:01 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012.06.30 01:27:31 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2012.06.23 14:15:59 | 000,000,012 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat
[2012.06.23 13:31:07 | 000,000,844 | ---- | C] () -- C:\Users\Melfice\Documents\Dokument5.rtf
[2012.06.20 14:14:54 | 000,000,750 | ---- | C] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk
[2012.06.17 01:22:35 | 000,000,756 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello2.vbs
[2012.06.16 14:32:33 | 000,000,061 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello.vbs
[2012.06.15 20:14:56 | 000,012,057 | ---- | C] () -- C:\Users\Melfice\Documents\remys book.odt
[2012.06.15 01:26:00 | 000,005,771 | ---- | C] () -- C:\Users\Melfice\Desktop\for remy.rtf
[2012.06.06 12:45:38 | 000,454,603 | ---- | C] () -- C:\Users\Melfice\Desktop\Scan0001.pdf
[2012.06.04 20:10:49 | 000,000,221 | ---- | C] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url
[2012.06.03 23:52:40 | 622,321,038 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.03 17:56:20 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk
[2012.06.02 16:37:14 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.10 09:52:53 | 000,050,157 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\SQLite3.dll
[2012.02.02 15:06:23 | 001,579,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 11:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\Horo.ini
[2012.01.11 22:34:15 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\oldharmony.dll
[2011.12.30 22:37:23 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2011.12.28 05:37:59 | 000,067,072 | ---- | C] () -- C:\Users\Melfice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.07 18:17:46 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.12.07 18:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2011.10.30 18:51:33 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.26 19:01:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.07.25 14:41:59 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.07.25 14:19:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.07.25 14:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 14:02:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2012.02.23 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft
[2011.12.13 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft_xray
[2012.05.30 12:41:33 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Audacity
[2012.02.14 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Babylon
[2012.07.01 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\BitTorrent
[2012.06.12 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Braid
[2011.10.20 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\DAEMON Tools Lite
[2012.07.01 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Dropbox
[2011.11.25 12:28:52 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Gatling Gears
[2011.10.30 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GetRightToGo
[2011.10.09 04:06:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GrabPro
[2012.02.26 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Hothead Games
[2012.02.12 15:20:31 | 000,000,000 | RHSD | M] -- C:\Users\Melfice\AppData\Roaming\install
[2012.04.19 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\KISSsoft AG
[2012.03.23 16:50:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\kock
[2011.09.26 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient
[2012.06.02 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient2
[2012.06.12 19:35:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor
[2012.06.30 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ManyCam
[2012.01.16 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\NationRed
[2011.10.20 10:33:27 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Nitroplus
[2011.12.08 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\OpenOffice.org
[2012.07.01 03:23:55 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Orbit
[2011.10.09 04:06:07 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ProgSense
[2011.10.21 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\PTC
[2012.06.29 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\RenPy
[2011.10.21 08:19:14 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ShanghaiAlice
[2011.09.29 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Toshiba
[2011.09.26 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\TOSHIBA Online Product Information
[2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\UAs
[2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\xmldm
[2012.04.04 12:41:41 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰c?¨?t???“?e?B?A) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰©¨ƒtƒƒ“ƒeƒBƒA
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 01.07.2012 03:25:00 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free
14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BD6421-75B7-4459-983C-A47E17169199}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0627699A-4245-4FDD-A787-D0ECB4F02680}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0D483153-E4D0-4D8F-AC18-6D744F4982E1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0F6516E8-BDED-4A08-A6EB-0744DF0C3094}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{244EC3DF-C507-41B0-BF54-84E6974CE9EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27AC1C97-6260-44F7-9096-7918D82F32A8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A288C99-722C-44F7-A6B9-ED47D408E4CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3A4CA51D-FF00-4A00-BEDD-7D4D0F67F36B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47A9A33A-8C53-4F9C-9841-AA3059E476EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4A33861C-850E-4853-9328-B44C75EF8A7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{4CE746FD-BD5F-4B5B-9CFC-E6A9A6B197B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50664960-2CAC-42FD-ABC7-1B9BECA4732A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{595EA277-4CE2-4E21-B435-69452FB2E163}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5F04AD9A-9B7D-46A2-AF17-8BC1D4C88C65}" = lport=138 | protocol=17 | dir=in | app=system | 
"{86251A9C-079E-4B74-9DB9-6D4E146E2879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866AF15B-41F7-4408-8622-5BEE61D3E357}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2DFE449-4B0B-4891-82C3-4BA7BCC92C64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A9927BEC-A512-4555-8F00-0E68988A1E9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AC2D6D8A-1C38-4A9F-B0FC-D6C653881E57}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B00CFD1F-8678-47FC-9B52-85C4F78E95B9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C1A8D6AE-E878-49C7-B526-F510231F02A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F2020B31-9205-412C-8D2B-72E5DE3EA04D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEE2B6A9-17FE-4438-98F5-00480B2953E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00534385-05CE-45A1-800F-F3E5A6864E79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe | 
"{006FF172-1A7A-4465-9F16-C91BBCF5004A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe | 
"{03D8DD7C-29C0-4945-AE01-62C5F368DADC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{064E4C26-FBA3-4CE8-A039-BF23D3C7DB5C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{06A1E8D9-8F95-4602-9199-DEEBA8A84F14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{084D29A9-C444-44F0-96ED-DA9EB1069C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe | 
"{08607C4C-7629-4510-B643-8C3B44BE247C}" = protocol=6 | dir=out | app=system | 
"{08FCDCE3-8205-4187-AABE-335D3E540E05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"{0C5FB6BB-6D4A-4284-969C-73291E49F9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{0E18CF28-E25A-4FE8-B120-BDBE284F8E17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{10BB2CF6-26DC-4EAF-ABDD-83B74D195889}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{115F6DDC-9222-423E-A8DD-E08284C34586}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe | 
"{1396CFCD-2654-4DEC-972E-206A54C5F154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{15266A35-9CE1-49A8-8C4D-DE79F5BAFD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe | 
"{18D018A2-0119-48E3-A6F4-9965F528AAA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{1CEB6AF0-DBDB-4EDD-A982-37F40F254E49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1D873190-38BD-4817-8360-D3C2748F5337}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{1EF01D4D-99C6-498B-8E60-5AB70D09800F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1EF5A11D-49BE-4D8A-A42F-7A27B1B5BBC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe | 
"{238A5521-8CC2-481B-9E98-80193A167BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{238B5B29-CA5C-4FA8-AE07-6BF022D3B20D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{25EB909C-E496-421D-978F-8300DCB813B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{2679FFE0-A175-49B6-BB3C-233CAE8E69F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe | 
"{2904DF75-F637-49ED-BFB3-97C4DE13D4F9}" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2A720F21-0C04-45FD-82EF-B3F6DE44AEC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe | 
"{2A90C7FA-83D5-413D-9FD6-F6E787BA843A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2BC166CB-ED3D-40A0-A4F4-A2A7AD639049}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{31AF088E-D323-49D7-85AE-6238E730D2E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe | 
"{3273DBBF-C4AB-4630-9F9C-F2CB1FEDCD56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe | 
"{32863A36-671A-43A0-9D2A-93BFD1BC9A22}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{32C284C9-ED68-4815-BE8A-C266927E088F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe | 
"{32F41B10-11B6-4442-9BAC-20F5314A402E}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{338644B3-1DAA-4FCC-9F5C-1066CF56825C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{3904944A-65D1-4B9B-A4C2-9FAC814D3D90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{39643916-86F9-4486-A53B-CF5F1C9A6D44}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{39BE4777-AD56-4F49-900B-5EAB38BA3CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{3B78E905-919D-4F13-A67E-B281C7DBD70C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{419DBE59-D692-4036-A029-7769E0AB82B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe | 
"{41C6B382-9166-424B-8B40-9006F354416B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe | 
"{41EF00CA-B0E1-40CE-ACFC-E9C65427B902}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{42CF59A9-0493-4953-BE3F-C4EC1BF6FA2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{433CA14E-FEA6-40BE-802F-400B4D4C2643}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | 
"{436D593A-2DA5-4328-B63D-184560173F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{47ACF98F-6221-43F5-BCCA-B2D678D7D532}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{4B3E0D54-0F6F-4101-BBA8-F0A1A95AD499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5184550D-0F03-4935-98CC-5671389E79FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5B55E8BB-D630-4F7F-9F9C-9069AEDB7DD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5C28F615-4AFF-4ED1-8F1E-41D3EA36283B}" = dir=in | app=d:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
"{5C3BE4C1-4B1A-4B03-90A6-4D805F68A7AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5D802442-B655-4243-BF6C-13B3F62016E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{645F22DB-974E-4C28-961E-4B3604FF0E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | 
"{64C5848E-A6E3-4D2B-894B-517C607A43D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | 
"{65C0EE70-6496-4EDB-A9AA-74EA833ECC45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe | 
"{68E0A762-8238-4554-A7E9-703A407DD103}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{68F0DF8B-D80D-459A-BAEF-04D1ED8C572D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe | 
"{690956A7-1EBA-495D-BF48-A815816409F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{6B79DCFE-5992-468D-A845-47118DDAA03F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{6F49E621-D643-44C4-965B-BC6D6D5A9CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe | 
"{70C82377-64F2-4635-B1D5-7061BEF14559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7122B725-87BB-4728-9992-21DB6069A978}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{736B05FC-7E6D-48DF-B008-8A5DA1AB08B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{75D686E5-D685-4F80-BDD2-0308970DB2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{7C225BBF-60D4-4CA6-A1D0-D97EBAA0EFF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{7D8160B7-3714-46B0-8491-4C086BF36F6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe | 
"{82BBC64A-8380-4ACF-A7DF-6F98263FA06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"{84F633D8-A6EA-46FC-9A63-E3CBC66CB670}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{86ACB5F7-45B1-4B9E-8845-80509996F4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe | 
"{8720065A-C9EA-44C2-8786-7E5EE311B410}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{873D00A9-13FA-417F-A96C-075368C0BD77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe | 
"{8927DF51-4489-488D-AEF6-6EF1F13CA77E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{89C10380-75AC-4A3C-92C4-013E268A25E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | 
"{8E2FE7B3-FF00-4805-8AEE-0781085F9B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8F1383CC-74DA-400A-A62D-9B8395D904BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{91100486-8A3B-41EB-8E35-971E60D3CB27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{91A180D3-150D-4863-8B03-F935EF5CEDFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{92CAA75B-DC3B-4A05-9356-CC212005599C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{92F91979-2AF3-4A79-94A4-66975DDDD04F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{93BCD280-2568-4251-AA4E-06F384A7B48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{943DE906-C7FA-4379-8E22-25092D7BE992}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{951847AA-39D0-428D-98FF-28E0AB48F63A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{98DB6A0F-0295-4676-B7AD-CC3AE5BC5CAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B061228-F9E0-4878-AD47-D7C2D6EA697F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{9B54050D-B857-43A3-9CEF-6FEE1239882A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe | 
"{9B7BA2BC-E1BB-455C-AF36-B011FBD749E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{9D74CAF2-A44B-4C03-B23A-900606A2B868}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe | 
"{9E798239-B1E2-46A4-871D-BA5BF47400FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe | 
"{A05C8C27-CD15-4D6A-B2E5-55DB596A7233}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | 
"{A07B31B9-A85E-4E5A-A452-E52C508C4E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe | 
"{A102737C-8465-4C59-BD78-1F6D97E6B4BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe | 
"{A32C9534-4624-462A-B40C-DD0C054FDC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe | 
"{A3CFCBA4-FC14-4B1E-9619-77A126EB0809}" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A3F177C7-B29C-43F2-8807-DA3F18EAD06F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A79EB65E-587F-4C34-9F15-B10B83461A6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7F57BC5-3631-4022-AB0D-86D58D8985B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe | 
"{A8160CBF-CC7D-4E9C-BE5B-8850119DA93B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A980B16A-3D4A-4C1E-AA92-BB0BED3F8157}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA738BE6-31EE-42A1-BA67-A6241179827A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA747ACD-DC41-4BA6-86B2-CA0F75E50C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe | 
"{ABCEE1E4-1C9B-4159-AD58-C5EFDA08377A}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{AE805AD9-5ACF-4621-8665-A6AE23AD5977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEA79DD0-9AAC-44D3-95F6-DCE06537C32A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe | 
"{B1918BDA-28F6-4C66-836E-AB5FB4B0EFCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{B24EFE44-D616-4ADA-A886-7FBE7B0365AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe | 
"{B26225E9-B54B-4253-995E-88FB2B037A9C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B4218CAC-A536-4673-B86A-C75032203344}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{B4B91D68-F832-4D4F-BD75-D44A49B23A95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe | 
"{B4C311AA-80AF-4BCD-9B47-21476CAD93E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe | 
"{B63FCA06-72AF-4D54-BB0E-FCE4E1CBCE99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | 
"{B71A4AD4-D02F-4FE1-B2F7-7F78F1E48011}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | 
"{B870A9B3-495A-4BD1-85E1-C26507CC6635}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{B9F6BBCB-E97F-44B7-8100-78EAB6958206}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{B9F97355-3907-4778-8850-E52E1EF59C30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe | 
"{BA5F1898-DD44-44AD-96FA-921D37B8FC4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe | 
"{C08BB9F6-31A7-4379-B9CC-CBC43D040A20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{C465B31C-8857-4DF6-BBC2-B5C5E9B3E23C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe | 
"{C583807C-7F0C-456E-8E51-C209F7AB89A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7AB2A96-13BB-4D02-A3A4-FFEB9DC22E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe | 
"{CA36BCCF-A4F4-4392-9D6F-8AA2FD7EB443}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe | 
"{CA660C46-CEDF-4EEF-92D5-4BB8DBDA510D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{CE57C212-EF3F-47BC-9FCF-9939466E1724}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{CEB3E46F-2D7D-4EA4-8357-8BB13E1D47CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe | 
"{D14A862F-B7CE-48BC-9F18-9E65C043ECD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"{D2A65512-145C-4C11-9D38-002AB4C04D07}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{D30B9CC8-BCFE-4BED-92FB-FD84A5F96203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D3243FA0-BB52-4842-8016-BAD9E764C1F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{D61E0E56-223D-4F5B-B9DE-9BC4DF750EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{D95351DC-A9D5-49BA-B00A-5D079364CC43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe | 
"{D9EC0D27-2D40-434B-ACF8-E2637292D5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe | 
"{DA5254A1-C951-4ACA-A6BF-188AE061D759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe | 
"{DA7E7493-98AF-4043-A50A-01ADD55AD15E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe | 
"{DD4BB57C-D9DF-46BB-9768-AEB762F604F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DDF9EB9F-81BE-4B77-A186-DAA5F9F0C23C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe | 
"{DEE1BE25-9B8B-4BDB-8D6C-17C44DA58030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe | 
"{E1366063-BFD3-4BF3-A8EC-BEB0556738BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{E23C524F-4B5C-4ED3-9F20-9B958178DF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{E2B7A63C-DA7A-420F-80F5-B5108095E720}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe | 
"{E5E6CD25-3646-40A1-8589-28AEBF8EAA32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{E86A4CD8-F4A9-4841-8F8A-14F895EE45D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe | 
"{EC2F5460-05AF-4833-848E-57F8D583596B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe | 
"{EDE88E3B-11FF-469E-8B1D-5F7D5422C3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe | 
"{F26FDCB6-64D7-4DC7-B86F-85FFDDFF6A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe | 
"{F3A6CD5D-A59C-481C-A236-302472D841F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3D0C61D-B1C0-4D0D-AA32-621774340484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F488DEB4-A3EC-499C-B6C6-A35E14223A22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | 
"{F4CBDE10-A6AA-4FA4-936B-E6D7EB6E18B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"TCP Query User{00174407-5FCA-45D8-A846-A1C6FEFBE2FA}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
"TCP Query User{11D9E804-E1F4-41E8-9897-955C5954730C}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
"TCP Query User{1AEF323F-BAC8-489F-AC26-ED6FC1B3BE76}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{1B3B8988-0D01-4832-AF55-08177A9168EB}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{20D3AD1F-4BA4-41DB-98D4-97C0100A94CB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{3CBA7197-2C9C-400D-AE8D-9BE718D2995D}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe | 
"TCP Query User{5847F59E-63D6-4819-8B4B-5DE3EDE49081}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{5E39EE41-F221-407A-9911-2842640A3340}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"TCP Query User{5EAA90B2-9E61-40F3-8DD5-A5E35146A307}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
"TCP Query User{60BE1701-40E0-48A6-B9A8-8E594FAA6FB3}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
"TCP Query User{68909700-552A-4848-BD49-2837322FB6C4}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"TCP Query User{6A72D4ED-500E-4E0B-8771-F069EFBD4F79}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe | 
"TCP Query User{7E3EF718-FBA9-47E0-B938-C046A793FBFD}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"TCP Query User{81E57A9E-E980-41EA-807A-B2C5A20272C8}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
"TCP Query User{8CDD95B8-7E96-4902-8B81-C582B04DFCFB}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
"TCP Query User{9A746F4B-4555-4C25-A830-EC9DE4648D96}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"TCP Query User{A54C7E64-F223-4FCD-9629-BFBE769E4B6B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{A73D2DF8-EA7F-4C78-8775-19CD846F3B5D}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe | 
"TCP Query User{ABBB2091-7BB7-47B2-956E-5AF55939C9F6}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"TCP Query User{B048FD5C-B32C-42E2-9766-1462B5D4EA68}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{B4BF3197-C670-4A9E-870F-AADEBB1486DF}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe | 
"TCP Query User{B890C5F0-9700-4023-8E7C-39C30B23D276}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{B8D3E778-5142-426E-889E-BE1859CB91AF}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"TCP Query User{C4BF8C17-67FD-4574-8FA1-5587A3D439D5}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{C93926EC-E028-4AD7-B3EF-31740583EC5F}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"TCP Query User{CEE77FB8-0183-474D-809E-995C13827875}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{CFAA479C-6C69-48E9-A2AE-7A1E7DF6AFE3}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{D64180FF-BDE0-45D3-AEA6-9E60E04B8704}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe | 
"TCP Query User{DC147686-F520-4B87-A309-53ABA3107C04}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{DCB318ED-2A54-4737-96B9-D9A7179E0322}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{DD94203B-5C3E-4940-809A-8B24E11C6114}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe | 
"TCP Query User{E54E424D-D57E-4359-A703-D8BA0E46F985}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{E5760DB1-0605-4D37-A949-56787190E6F4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{E7077C85-9AAB-4DEC-949C-13E149B11E82}E:\jskfcatserver.exe" = protocol=6 | dir=in | app=e:\jskfcatserver.exe | 
"UDP Query User{06268F4A-0A52-4BF0-8CC0-2CADC1CA7C7E}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
"UDP Query User{1320CDD1-C192-4D29-813D-492A101C7A52}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe | 
"UDP Query User{166FDF7D-5138-485D-8A65-C73A2704F0AC}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"UDP Query User{25E2BCC0-6BF1-49CB-9B66-E892218634BE}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
"UDP Query User{3006C2B3-2AC6-49AA-9005-68B727450D7D}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{35E87FD1-9AEA-44D3-A348-E80E83159D2A}E:\jskfcatserver.exe" = protocol=17 | dir=in | app=e:\jskfcatserver.exe | 
"UDP Query User{39491388-02EE-4DC5-8E70-0176EBBF5734}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"UDP Query User{3B6863B1-ED9D-45D8-82C4-90A6ED835C71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{421F2EB8-E976-48DD-80CD-0B972D54A5A3}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe | 
"UDP Query User{4997E979-0565-4904-AD86-5A7F5C2C238D}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{57B574A9-1B0A-49AF-97D7-A85866AC37BC}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{6053DE18-66DF-402F-A03A-50861859449C}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{63A9392F-15E9-4BB7-86BC-02DD31075798}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
"UDP Query User{6737470F-2CD5-41DC-99F2-5157C22C5A6F}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{6B0B463F-EA65-4C4A-BD5E-7E4BF5300CFE}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"UDP Query User{6F5939AD-B89D-4A7B-8DCF-03A8F39AEB80}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
"UDP Query User{6F9D5BE8-2822-4858-8BD2-CC955C3C10DD}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"UDP Query User{7215162F-BEE9-4E0D-A618-871A5250CACE}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe | 
"UDP Query User{787E9419-23B8-4821-9317-951298CBE72B}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe | 
"UDP Query User{7AF95BCA-3AED-47C6-8816-8AA5718B15DE}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe | 
"UDP Query User{89FA4536-259A-46B2-B45A-4656D9743CBA}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe | 
"UDP Query User{92D91A86-39B4-461A-8E91-C5C408218AE0}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{940012CE-1A38-449F-9E1F-62E6D4FC24A7}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"UDP Query User{975FAE45-A115-452B-A13A-7C0548BBCFDF}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{99CEF612-B531-4748-8252-4D79EDC3B372}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe | 
"UDP Query User{A022DE94-58EB-4764-A2C6-5344030D03D3}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"UDP Query User{AA69AF5D-F8D2-48FE-9DFC-149310CBC299}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{BD149A4C-95E7-4501-A407-A2ABBA22F2BC}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | 
"UDP Query User{D67E4604-1B9C-4F86-8A0A-5FB4662537D3}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe | 
"UDP Query User{E2497D91-E396-44CB-A38D-94D4B45787BD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{E2C0393E-2512-4675-9520-883A9DFB5C8A}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"UDP Query User{F4A874B7-BC04-4C64-9185-E1E2BA02EE86}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe | 
"UDP Query User{F5E1E014-2323-4337-8B62-915E8962C487}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"UDP Query User{FA487F95-CBC5-4B6B-BEC8-96B8CAA2AC88}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{34565B7E-F28D-BEEE-75BB-06E7659FC76F}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{617C7445-9152-3B2D-5618-117323D728E0}" = ccc-utility64
"{645C958A-F505-A126-F618-DDF4F9C3FE43}" = WMV9/VC-1 Video Playback
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0315398D-7266-AB1A-D7DB-03B5ECB4B126}" = CCC Help Portuguese
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E66EC48-9DFD-0A60-A391-3A15D2F26696}" = CCC Help Japanese
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{113DE365-7DB5-6E66-DC10-CF8A3E5BEC74}" = CCC Help Chinese Traditional
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12109DE2-D313-3456-4C6D-2F1283554D28}" = CCC Help Danish
"{140347A0-4A0C-44FC-9CA1-C8A3471899B7}" = SdRt4200
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19540CBA-3D6C-D1BB-F713-FC6B082E4D1F}" = CCC Help Greek
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B3F8894-DC2F-AE2F-548C-BC7786F199FE}" = CCC Help Czech
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FB31D8B-476B-AECB-4831-21D65E28AF7A}" = Catalyst Control Center Graphics Previews Common
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{2580F3D5-CA0A-2D65-EA68-70F433B85146}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{333AE6EB-2EDC-11D7-AAED-001060294115}" = IQ Marathon
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36285812-1E91-CA80-B1E6-E305348621FE}" = CCC Help Dutch
"{36B3F8D7-F1C7-4558-A348-7C8171BB6404}" = ガジェット トライアル
"{37A58B85-C98F-11D5-B694-00E07D72A995}" = RM2K Mp3 Patch v1.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{394A362F-26A0-4F6E-BCFA-4564FB24E0BC}" = Quarry
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{467CDF2F-AB27-4E91-814A-96AA8FBDC61D}_is1" = Zombpocalypse 0.9.2
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C3E47E-C1BB-11D7-9E00-0004769EEFEB}" = Building Panic
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E27A271-351E-72DC-BD22-06A46243F2A5}" = CCC Help German
"{4ED9CBC6-14B7-4E2A-BF42-E6DD63E722C9}" = KISSsoft 03-2011 
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5684A50E-D6B1-5593-E292-72EFFF18197F}" = CCC Help Russian
"{5782EF38-8F32-4B9C-9A86-12877A93D8FE}" = Gatling Gears
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C0E6D2-EA46-4765-A943-126EAF3C9D62}_is1" = Metro 2033 by O22y
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7EA2ACE0-9281-137B-D513-8B64A846A401}" = CCC Help Turkish
"{800F3931-0773-4BF2-ACF3-DF0A9CF2528D}" = Koihime_Musou
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8653955E-3E81-DD1E-C159-B9042649EA09}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AD9101-1F8A-1A9C-B54C-49EA654FCD03}" = CCC Help Italian
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FF1D21-3C31-C7DD-5201-7F91805706C2}" = CCC Help French
"{93A6108B-997A-FFE1-E304-31204DAAAA7C}" = CCC Help Korean
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93EC173C-7811-44B6-8760-9515C0893A65}" = Duel 2
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9C5551-2674-19BD-2BCE-24BF05908E03}" = CCC Help English
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4ED0A4C-E9E1-78CF-59D8-C42BBB9ACDC5}" = CCC Help Finnish
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€  Ver1.10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6EDBA96-E5CF-EA2B-BEC1-005592B9358E}" = AMD VISION Engine Control Center
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2B30220-BEA5-4834-BD6C-54779C393814}" = ミクキス
"{D3CD7848-5C54-0C58-CB65-9A9B74AA3C2A}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6DAF6F2-2ABF-83FE-B5C0-7C07711D9AA8}" = CCC Help Polish
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7A7E557-2EB9-4075-9C0C-D889A7690C36}" = KISSsoft 03-2011-DEMO
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DC26D0EF-06F7-9DC8-5E1F-AFEF20F8E7FC}" = CCC Help Spanish
"{DD5EF061-240A-DF5B-1B6A-A7E38733216D}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF10A0FC-1508-EF3B-AF9D-943B7AEDB967}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F73498A2-499B-4423-986E-90F99348609F}" = STEINS;GATE
"{F7506A7D-2FED-07D9-60A6-E0832A42A3DA}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9D85C9A-4E99-8115-41DA-9427FD77AFD5}" = Catalyst Control Center Localization All
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF54932F-5852-49B4-A614-5E2DAFA8505E}" = Virtual Playtable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF85AD26-D09A-11D6-AAED-0004769EEFEB}" = Gonzo Heads
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
"BitTorrent" = BitTorrent
"Blip Blop" = Blip Blop (remove only)
"C64 - Classix GOLD" = C64 - Classix GOLD- Version 1.00
"Catapults" = Catapults
"Cave Story Deluxe" = Cave Story Deluxe
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Omen" = Dark Omen
"Desura" = Desura
"don't take it personally, babe, it just ain't your story" = don't take it personally, babe, it just ain't your story 1.1
"Dr. Harrison 3.2D" = Dr. Harrison 3.2D
"Earth Defense Force Insect Armageddon_is1" = Earth Defense Force Insect Armageddon
"English Patch for Gadget Trial" = Gadget Trial English Localisation
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"facemoods" = Facemoods Toolbar
"Front Mission Evolved_is1" = Front Mission Evolved
"GOM Player" = GOM Player
"hedgewars" = Hedgewars
"Horo_is1" = Horo
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Igneous_is1" = Igneous
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Katawa Shoujo" = Katawa Shoujo
"Magic Table_is1" = Magic Table 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 3.0.79 (remove only)
"McAfee Virtual Technician" = McAfee Virtual Technician
"MinecraftCrack1.0" = MinecraftCrack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Neva" = Neva
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PricePeep" = PricePeep for Internet Explorer
"Rainmeter" = Rainmeter (remove only)
"Retro Classix" = Retro Classix 1.0
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"Sheep" = Sheep
"Shira Oka - Second Chances 1.1.2" = Shira Oka - Second Chances 1.1.2
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 107300" = Breath of Death VII 
"Steam App 107310" = Cthulhu Saves the World 
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 13000" = Ninja Reflex: Steamworks Edition
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18070" = The Baconing
"Steam App 200130" = Puzzler World 2
"Steam App 200910" = Sequence
"Steam App 201480" = Serious Sam: The Random Encounter
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 209370" = Analogue: A Hate Story
"Steam App 209830" = Lone Survivor
"Steam App 211740" = Thief 2
"Steam App 22610" = Alien Breed: Impact
"Steam App 2450" = Bloody Good Time
"Steam App 26800" = Braid
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31270" = Puzzle Agent
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 35700" = Trine
"Steam App 3830" = Psychonauts
"Steam App 39800" = Nation Red
"Steam App 40800" = Super Meat Boy
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 61700" = Might and Magic: Clash of Heroes
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 63800" = Delve Deeper
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70420" = Chantelise
"Steam App 7500" = UFO: Afterlight
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 91600" = Sanctum
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99810" = Bulletstorm
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Turok 2" = Turok 2: Seeds of Evil
"Utawarerumono English" = Utawarerumono English v1.1
"webmmf" = WebM Media Foundation Components
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WTA-33136f14-14d5-4ebb-981f-08769c59bc06" = Plants vs. Zombies - Game of the Year
"WTA-374b417a-7ab2-4208-b04b-b02671fdb430" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-41fcabba-9a7c-4d0c-a98f-4329bafed165" = Zuma Deluxe
"WTA-59d9f67f-d8bc-44bd-b780-f38fc7e94292" = Final Drive: Nitro
"WTA-6f151802-11ed-45da-9651-6ab9139150b1" = Penguins!
"WTA-726c3834-2637-4929-a672-e61956d4594e" = Wedding Dash 2 - Rings Around the World
"WTA-9b2342f1-6586-40ff-92da-58d81ac97fed" = Polar Bowler
"WTA-9fb812a3-ceb4-4c33-b4b1-42974266670d" = Bejeweled 3
"WTA-be61410d-7566-49cf-8d8c-69b79428f30b" = Insaniquarium Deluxe
"WTA-cff1b0c3-8ffa-4a6c-8e20-55e049ec7984" = Diner Dash 2 Restaurant Rescue
"WTA-d53a5529-9cbe-4f77-8d3c-6a459faffb68" = Chuzzle Deluxe
"WTA-d5ede00c-bc16-4fe2-a6f0-3fde9f818086" = Bejeweled 2 Deluxe
"WTA-d9642135-b49a-48b4-81ad-b6c7d9307155" = FATE
"WTA-fb3fe861-3c7d-4ab0-8459-27d6fefa707f" = Slingo Deluxe
"X-Force_is1" = X-Force: Fight For Destiny V0.915b03
"Xuse 永遠のアセリア - この大地の果てで -" = Xuse 永遠のアセリア - この大地の果てで -  (Remove Only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ダイバージェンス・メーター スクリーンセーバー" = ダイバージェンス・メーター スクリーンセーバー
"ダブルスポイラー_is1" = ダブルスポイラー ver 1.00a
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Castlevania - The Bloodletting V.1.3 BETA" = Castlevania - The Bloodletting V.1.3 BETA
"Dropbox" = Dropbox
"Hornado_is1" = Hornado 2.0
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"UnityWebPlayer" = Unity Web Player
"Wajam" = Wajam
"YSF_WIN" = YsF
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 04:09:29 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPhotoGallery.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb214  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001faa0  ID des fehlerhaften
 Prozesses: 0x2b2c  Startzeit der fehlerhaften Anwendung: 0x01cd3ca934258eac  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 720e21a5-a89c-11e1-a0b3-e89a8f8efd81
 
Error - 28.05.2012 14:34:35 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.05.2012 16:15:33 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpc-hc.exe, Version: 1.5.3.3514, 
Zeitstempel: 0x4e3453bc  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1f7c  Startzeit der fehlerhaften Anwendung: 0x01cd3d0e30e99edd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: e054b603-a901-11e1-885d-e89a8f8efd81
 
Error - 29.05.2012 21:32:53 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2012 11:37:26 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.05.2012 10:44:08 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: Flash32_11_2_202_235.ocx, 
Version: 11.2.202.235, Zeitstempel: 0x4f9af5a5  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00420569  ID des fehlerhaften Prozesses: 0x1d78  Startzeit der fehlerhaften Anwendung:
 0x01cd3f34a1e29fb7  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\iexplore.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
Berichtskennung:
 130b95e4-ab2f-11e1-bc9a-e89a8f8efd81
 
Error - 31.05.2012 14:44:44 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dungeons of Dredmor.exe, Version:
 0.0.0.0, Zeitstempel: 0x4f7bc61d  Name des fehlerhaften Moduls: ntdll.dll, Version:
 6.1.7601.17725, Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002dfe4
ID
 des fehlerhaften Prozesses: 0x217c  Startzeit der fehlerhaften Anwendung: 0x01cd3f5a9ebc6bf8
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\dungeons
 of dredmor\Dungeons of Dredmor.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 b00b7d42-ab50-11e1-bc9a-e89a8f8efd81
 
Error - 01.06.2012 17:39:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: cd0    Startzeit: 01cd3e7a76f265c1    Endzeit: 83    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 4b4da3a6-ac32-11e1-bc9a-e89a8f8efd81

 
Error - 01.06.2012 22:28:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2b9c    Startzeit: 01cd406763bff551    Endzeit: 35    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2012 07:19:15 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 6020    Startzeit: 01cd406df899ee44    Endzeit: 184    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2012 10:32:03 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce78e2b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cea18  ID des fehlerhaften
 Prozesses: 0x5848  Startzeit der fehlerhaften Anwendung: 0x01cd40cc7699be54  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\cmd.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: b7d2c13a-acbf-11e1-bc9a-e89a8f8efd81
 
Error - 02.06.2012 15:32:58 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3fd0    Startzeit: 01cd4040df8b96a2    Endzeit: 1986    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2012 16:25:08 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.06.2012 06:09:22 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pglclock.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c745d5f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000533dd  ID des fehlerhaften
 Prozesses: 0x20f0  Startzeit der fehlerhaften Anwendung: 0x01cd4170f1ea2352  Pfad der
 fehlerhaften Anwendung: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\pglclock.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 305ccfe1-ad64-11e1-afde-e89a8f8efd81
 
Error - 03.06.2012 06:11:38 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm xtop.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgefuhrt
 werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1734    Startzeit:
 01cd4170db3daaf4    Endzeit: 85    Anwendungspfad: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\xtop.exe

Berichts-ID:
 7c0a7a8f-ad64-11e1-afde-e89a8f8efd81  
 
Error - 03.06.2012 10:15:33 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.06.2012 18:00:29 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.06.2012 18:05:39 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c20    Startzeit: 
01cd41d4be2b025b    Endzeit: 34    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 03.06.2012 18:11:45 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 40c    Startzeit: 01cd41d4470bacde    Endzeit: 44    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 15c98220-adc9-11e1-9231-e89a8f8efd81

 
[ System Events ]
Error - 30.06.2012 18:29:29 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description = 
 
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
 MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
 
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 30.06.2012 18:59:36 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description = 
 
Error - 30.06.2012 19:03:11 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
 MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.06.2012 20:47:46 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
and the full scan report from MBAM

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Melfice :: BRONGAA [administrator]

01.07.2012 00:57:56
mbam-log-2012-07-01 (02-40-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 568456
Time elapsed: 1 hour(s), 42 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
However, I could not find the dds.txt and attach.txt that were actually requested anywhere.

Thanks in advance for any help.

Alt 01.07.2012, 11:54   #2
markusg
/// Malware-holic
 



Hi,
anyone who watches illegal or semi-legal streams shouldn't be surprised by malware, especially since your system is missing some updates: easy prey for the kind of people who claim to offer free stuff to watch, but nothing that normally costs money is ever really free.
Let's have a look.

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) -  File not found
F3 - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) -  File not found
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.
__________________

Alt 01.07.2012, 13:35   #3
MelficeOne
 



Well, as long as nobody here holds the rights to it, it's all kind of a grey area... but that's another story.

Ran the fix as instructed; the text document says:
Code:
========== OTL ==========
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.53.0 log created on 07012012_142755

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
         
(Interim status: videos are still black)

Thank you in advance for the help, and I apologize for any inconvenience caused.
__________________
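
The MBAM report and the OTL fix log posted above can be cross-checked mechanically. The following Python is an added example, not part of any post in this thread and not code from MBAM or OTL: it parses the registry-value detection and the fix log lines quoted above and reports, per registry view named in the log, whether the flagged `Load` autostart value was deleted. The regular expressions are assumptions derived only from the log lines shown in this thread, and function names such as `reconcile` are hypothetical.

```python
import re

# Log lines copied from this thread (MBAM full-scan report, OTL fix log).
MBAM_LOG = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken.
"""

OTL_FIX_LOG = r"""
========== OTL ==========
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
"""

# Assumed line formats, inferred from the lines above.
MBAM_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>.+?) \((?P<detection>[^()]+)\)"
    r" -> Data: (?P<data>.+?) -> (?P<action>[^>]+?)\.?$"
)
OTL_RE = re.compile(
    r"^(?P<view>64bit-)?Registry (?:value|delete failed\.) "
    r"(?P<key>HKEY_[A-Z_]+\\.+?)\\\\(?P<value>[^:\\]+):(?P<data>.+?) "
    r"(?P<outcome>deleted successfully|scheduled to be deleted on reboot)\.$"
)
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


def _norm(key, value, data):
    """Make MBAM's short hive names comparable with OTL's long ones."""
    hive, _, rest = key.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return (f"{hive}\\{rest}".casefold(), value.casefold(), data.casefold())


def parse_mbam_registry_values(text):
    """Return the registry-value detections found in an MBAM text report."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def parse_otl_fix(text):
    """Return registry delete events from an OTL fix log, in log order."""
    events = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if m:
            event = m.groupdict()
            # "default" = lines without the 64bit- prefix
            event["view"] = "64bit" if event["view"] else "default"
            events.append(event)
    return events


def reconcile(detections, events):
    """For each detection, report the last logged fix outcome per view."""
    report = []
    for d in detections:
        ident = _norm(d["key"], d["value"], d["data"])
        final = {}
        for e in events:
            if _norm(e["key"], e["value"], e["data"]) == ident:
                final[e["view"]] = e["outcome"]  # later lines override
        report.append({
            "value": f'{d["key"]}|{d["value"]}',
            "target": d["data"],
            "detection": d["detection"],
            "scanner_acted": d["action"] != "No action taken",
            "fix_outcome": final,
            "fix_complete": bool(final) and all(
                o == "deleted successfully" for o in final.values()),
            # Autostart entries pointing into a Temp directory deserve review.
            "target_in_temp": "\\temp\\" in d["data"].casefold(),
        })
    return report


if __name__ == "__main__":
    for row in reconcile(parse_mbam_registry_values(MBAM_LOG),
                         parse_otl_fix(OTL_FIX_LOG)):
        print(row)
```

A complete fix log only shows that the value was deleted at that moment; a fresh scan after the reboot is what confirms that nothing wrote it back.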

Alt 01.07.2012, 13:50   #4
markusg
/// Malware-holic
 



Putting copyrighted works online is a criminal offence.
Watching them may be in a grey area, but do you really think these people aren't making money off you? It's about hundreds of millions from advertising, plus the malware that gets distributed on top.
Hi,
for further analysis I need the following.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and please upload it in the upload channel.

Trojaner-Board Upload Channel

Alt 01.07.2012, 14:07   #5
MelficeOne
 



Okay, it's uploaded.
Now waiting for further instructions.


Alt 01.07.2012, 16:13   #6
markusg
/// Malware-holic
 



Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 01.07.2012, 16:28   #7
MelficeOne
 



The malicious registry value is no longer shown in MBAM (just ran another quick scan over it).

Run Combofix anyway?

Combofix says
Code:
ComboFix 12-07-01.03 - Melfice 01.07.2012  17:49:58.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1031.18.7655.5468 [GMT 2:00]
Running from: c:\users\Melfice\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\2wDbJkVL.exe_
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4346.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM450D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM453D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45BC.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45DD.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45FF.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4610.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4631.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A58.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A79.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A8B.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4AAC.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BB7.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BD9.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BEA.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4C69.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4CE8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4D28.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4E43.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4E64.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4F9E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4FBF.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM500F.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM515A.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM51E8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM52D4.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5594.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM56CE.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM57BA.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM582A.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5889.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5A7E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5E86.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5F05.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6196.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM62C0.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM638D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6766.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6842.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM693E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6BB0.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6FB8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7150.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM72E8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7605.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7636.tmp
c:\users\Melfice\AppData\Local\Temp\YTMP7MC8AA\TAA84C3.tmp
c:\users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kitre0.exe.lnk
c:\windows\apppatch\AppLoc.exe
c:\windows\IsUn0407.exe
c:\windows\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[.scr
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-01 to 2012-07-01  )))))))))))))))))))))))))))))))
.
.
2012-07-01 16:01 . 2012-07-01 16:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-01 16:01 . 2012-07-01 16:01	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-07-01 15:05 . 2012-06-28 12:52	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-01 15:05 . 2012-06-28 12:52	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-01 15:05 . 2012-06-28 12:52	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-01 15:05 . 2012-06-28 12:52	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-01 15:05 . 2012-06-28 12:52	958912	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-01 15:05 . 2012-06-28 12:52	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-01 15:05 . 2012-06-28 12:51	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-01 15:04 . 2012-06-28 12:52	41224	----a-w-	c:\windows\avastSS.scr
2012-07-01 15:04 . 2012-06-28 12:51	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-01 15:04 . 2012-07-01 15:04	--------	d-----w-	c:\programdata\AVAST Software
2012-07-01 15:04 . 2012-07-01 15:04	--------	d-----w-	c:\program files\AVAST Software
2012-07-01 12:27 . 2012-07-01 12:27	--------	d-----w-	C:\_OTL
2012-07-01 09:32 . 2012-07-01 09:32	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Media Player Classic
2012-06-30 22:39 . 2012-06-30 22:39	--------	d-----w-	c:\program files (x86)\Oracle
2012-06-30 22:20 . 2012-06-30 22:20	--------	d-----w-	c:\users\Melfice\AppData\Roaming\GRETECH
2012-06-30 22:18 . 2012-06-30 22:18	--------	d-----w-	c:\program files (x86)\GRETECH
2012-06-29 23:26 . 2012-06-29 23:29	--------	d-----w-	c:\users\Melfice\AppData\Local\ManyCam
2012-06-29 23:26 . 2012-06-29 23:26	--------	d-----w-	c:\programdata\ManyCam
2012-06-29 23:26 . 2012-06-29 23:29	--------	d-----w-	c:\users\Melfice\AppData\Roaming\ManyCam
2012-06-29 23:26 . 2012-06-29 23:26	--------	d-----w-	c:\program files (x86)\Ask.com
2012-06-29 23:26 . 2012-06-29 23:27	--------	d-----w-	c:\program files (x86)\ManyCam
2012-06-29 23:25 . 2012-06-29 23:25	--------	d-----w-	c:\programdata\Ask
2012-06-29 19:10 . 2012-07-01 09:32	--------	d-----w-	c:\program files (x86)\Combined Community Codec Pack
2012-06-29 08:01 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4DBAC46-B623-4206-89E3-BEEE0BC7A80E}\mpengine.dll
2012-06-23 12:25 . 2012-06-23 12:25	--------	d-----w-	c:\users\Melfice\AppData\Local\Macromedia
2012-06-21 22:55 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 22:55 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 22:55 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 22:55 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 22:54 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 22:54 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 22:54 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 22:53 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 22:53 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 12:49 . 2012-06-19 12:49	69632	----a-w-	c:\users\Melfice\AppData\Roaming\Microsoft\Windows\mysql-mxj\c-mxj-utils\kill.exe
2012-06-19 12:27 . 2012-06-19 12:27	5750784	----a-w-	c:\users\Melfice\AppData\Roaming\Microsoft\Windows\mysql-mxj\bin\mysqld-nt.exe
2012-06-15 01:00 . 2012-05-18 01:56	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-06-14 03:26 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 03:26 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:26 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:26 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-12 17:35 . 2012-06-12 17:35	--------	d-----w-	c:\users\Melfice\AppData\Roaming\LoneSurvivor
2012-06-12 13:54 . 2012-06-12 13:54	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-12 13:53 . 2012-05-04 17:29	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-12 13:52 . 2012-06-12 13:53	--------	d-----w-	c:\users\Melfice\AppData\Roaming\Braid
2012-06-10 21:57 . 2012-06-10 21:57	--------	d-----w-	c:\windows\de
2012-06-10 21:55 . 2012-06-10 21:55	--------	d-----w-	c:\windows\fr
2012-06-10 21:55 . 2012-06-10 21:55	--------	d-----w-	c:\windows\en
2012-06-10 21:55 . 2012-06-10 21:55	--------	d-----w-	c:\windows\it
2012-06-10 21:55 . 2012-06-10 21:55	--------	d-----w-	c:\windows\nl
2012-06-10 21:46 . 2012-06-10 21:46	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\7812e4371cd475202\MeshBetaRemover.exe
2012-06-10 21:46 . 2012-06-10 21:46	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\DSETUP.dll
2012-06-10 21:46 . 2012-06-10 21:46	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\DXSETUP.exe
2012-06-10 21:46 . 2012-06-10 21:46	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\dsetup32.dll
2012-06-05 17:23 . 2012-06-05 17:23	--------	d-----w-	c:\users\Melfice\AppData\Roaming\InstallShield Installation Information
2012-06-05 17:23 . 2008-07-12 06:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2012-06-05 17:23 . 2008-07-12 06:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2012-06-05 17:23 . 2008-07-12 06:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2012-06-04 16:53 . 2012-06-04 16:53	--------	d-sh--w-	c:\windows\SysWow64\AI_RecycleBin
2012-06-04 16:53 . 2012-06-04 18:04	--------	d-----w-	c:\users\Melfice\AppData\Local\Procaster
2012-06-04 16:53 . 2012-06-04 16:53	--------	d-----w-	c:\program files (x86)\Livestream Procaster
2012-06-02 20:28 . 2012-06-02 20:28	--------	d-----w-	c:\users\Melfice\AppData\Roaming\LolClient2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 22:11 . 2012-03-29 06:34	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 22:11 . 2011-09-26 18:39	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2011-06-14 08:01	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-19 07:21 . 2012-04-19 07:21	130048	----a-w-	c:\programdata\2wDbJkVL.exe
2012-04-04 13:56 . 2012-02-12 13:11	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-02-02 23:58	924488	----a-w-	c:\program files (x86)\PricePeep\pricepeep.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-26 3077528]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-06-05 6380440]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-06-06 2160536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files (x86)\Rainmeter\Rainmeter.exe [2006-1-21 118784]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-6-14 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-21 131912]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-01 129976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-05 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-02-10 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9263104]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 13:58]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 13:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-06-14 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.fakku.net/viewforum.php?f=105
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Zu TOSHIBA Bulletin Board hinzufugen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Blip Blop - d:\program files (x86)\Blip Blop\uninstall.exe
AddRemove-Catapults - d:\program files (x86)\Catapults\uninstall.exe
AddRemove-Dark Omen - c:\windows\IsUn0407.exe
AddRemove-don't take it personally, babe, it just ain't your story - c:\program files (x86)\don't take it personally
AddRemove-Dr. Harrison 3.2D - d:\program files (x86)\XLM Software\Doc Harrison\SXUNINST.EXE
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Igneous_is1 - c:\program files (x86)\Igneous\unins000.exe
AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe
AddRemove-Sheep - c:\windows\IsUn0407.exe
AddRemove-Turok 2 - c:\windows\IsUn0407.exe
AddRemove-Castlevania - The Bloodletting V.1.3 BETA - c:\program files (x86)\Castlevania - The Bloodletting V.1.3 BETA\Uninstall.exe
AddRemove-Hornado_is1 - d:\hornado\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\À0¤0Ð0ü0¸0§0ó0¹0û0á0ü0¿0ü0 *¹0¯0ê0ü0ó0»0ü0Ð0ü0]
"UninstallString"="c:\\Windows\\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[Uninst.exe"
"DisplayName"="ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo["
"DisplayIcon"="c:\\Windows\\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[Uninst.exe,0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2012-07-01  18:13:11 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-01 16:13
.
Pre-Run: 21 Verzeichnis(se), 15.793.565.696 Bytes frei
Post-Run: 23 Verzeichnis(se), 18.569.375.744 Bytes frei
.
- - End Of File - - BBC484703CBFF40B0DBB9AE274CF1248
         

Alt 02.07.2012, 13:24   #8
markusg
/// Malware-holic
 

Hi,
download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 02.07.2012, 15:31   #9
MelficeOne
 

TDSS Killer says:
Code:
ATTFilter
16:28:26.0712 15592	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
16:28:26.0960 15592	============================================================
16:28:26.0960 15592	Current date / time: 2012/07/02 16:28:26.0960
16:28:26.0960 15592	SystemInfo:
16:28:26.0960 15592	
16:28:26.0960 15592	OS Version: 6.1.7601 ServicePack: 1.0
16:28:26.0960 15592	Product type: Workstation
16:28:26.0960 15592	ComputerName: BRONGAA
16:28:26.0960 15592	UserName: Melfice
16:28:26.0960 15592	Windows directory: C:\Windows
16:28:26.0960 15592	System windows directory: C:\Windows
16:28:26.0960 15592	Running under WOW64
16:28:26.0960 15592	Processor architecture: Intel x64
16:28:26.0960 15592	Number of processors: 2
16:28:26.0960 15592	Page size: 0x1000
16:28:26.0960 15592	Boot type: Normal boot
16:28:26.0960 15592	============================================================
16:28:28.0452 15592	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:28.0520 15592	============================================================
16:28:28.0520 15592	\Device\Harddisk0\DR0:
16:28:28.0529 15592	MBR partitions:
16:28:28.0529 15592	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8000, BlocksNum 0x25369000
16:28:28.0529 15592	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25431000, BlocksNum 0x25427000
16:28:28.0529 15592	============================================================
16:28:28.0570 15592	C: <-> \Device\Harddisk0\DR0\Partition0
16:28:28.0630 15592	D: <-> \Device\Harddisk0\DR0\Partition1
16:28:28.0630 15592	============================================================
16:28:28.0630 15592	Initialize success
16:28:28.0630 15592	============================================================
16:28:56.0928 3256	============================================================
16:28:56.0928 3256	Scan started
16:28:56.0928 3256	Mode: Manual; SigCheck; TDLFS; 
16:28:56.0928 3256	============================================================
16:29:00.0095 3256	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:29:00.0203 3256	1394ohci - ok
16:29:00.0249 3256	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:29:00.0270 3256	ACPI - ok
16:29:00.0308 3256	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:29:00.0341 3256	AcpiPmi - ok
16:29:00.0439 3256	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:29:00.0470 3256	adp94xx - ok
16:29:00.0513 3256	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:29:00.0540 3256	adpahci - ok
16:29:00.0583 3256	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:29:00.0601 3256	adpu320 - ok
16:29:00.0627 3256	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:29:00.0690 3256	AeLookupSvc - ok
16:29:00.0767 3256	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:29:00.0812 3256	AFD - ok
16:29:00.0854 3256	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:29:00.0872 3256	agp440 - ok
16:29:00.0903 3256	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:29:00.0946 3256	ALG - ok
16:29:00.0959 3256	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:29:00.0974 3256	aliide - ok
16:29:01.0040 3256	AMD External Events Utility (833d43cfbac21365d36cf797377457d9) C:\Windows\system32\atiesrxx.exe
16:29:01.0098 3256	AMD External Events Utility - ok
16:29:01.0120 3256	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:29:01.0135 3256	amdide - ok
16:29:01.0169 3256	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:29:01.0209 3256	AmdK8 - ok
16:29:01.0733 3256	amdkmdag        (fad670b417adccd9c99bc3aa3d754958) C:\Windows\system32\DRIVERS\atikmdag.sys
16:29:02.0039 3256	amdkmdag - ok
16:29:02.0201 3256	amdkmdap        (f0b63dead17f760dbc85ccd7bf978c05) C:\Windows\system32\DRIVERS\atikmpag.sys
16:29:02.0251 3256	amdkmdap - ok
16:29:02.0298 3256	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:29:02.0339 3256	AmdPPM - ok
16:29:02.0373 3256	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:29:02.0399 3256	amdsata - ok
16:29:02.0422 3256	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:29:02.0440 3256	amdsbs - ok
16:29:02.0444 3256	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:29:02.0458 3256	amdxata - ok
16:29:02.0490 3256	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:29:02.0567 3256	AppID - ok
16:29:02.0607 3256	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:29:02.0691 3256	AppIDSvc - ok
16:29:02.0720 3256	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:29:02.0781 3256	Appinfo - ok
16:29:02.0861 3256	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:29:02.0892 3256	arc - ok
16:29:02.0902 3256	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:29:02.0920 3256	arcsas - ok
16:29:03.0009 3256	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:29:03.0032 3256	aspnet_state - ok
16:29:03.0080 3256	aswFsBlk        (5d0fcd12a43e92409eb2ac88c6cf7d48) C:\Windows\system32\drivers\aswFsBlk.sys
16:29:03.0102 3256	aswFsBlk - ok
16:29:03.0170 3256	aswMonFlt       (d51d963c2357b02a862f99bc0802aabb) C:\Windows\system32\drivers\aswMonFlt.sys
16:29:03.0194 3256	aswMonFlt - ok
16:29:03.0220 3256	aswRdr          (f2a846c15ea4e35d0a8e53891abdf528) C:\Windows\System32\Drivers\aswrdr2.sys
16:29:03.0234 3256	aswRdr - ok
16:29:03.0316 3256	aswSnx          (87542057e699eed8d1a545c75cef4547) C:\Windows\system32\drivers\aswSnx.sys
16:29:03.0351 3256	aswSnx - ok
16:29:03.0406 3256	aswSP           (58143f82d886e10bafe33dc57eee53f9) C:\Windows\system32\drivers\aswSP.sys
16:29:03.0427 3256	aswSP - ok
16:29:03.0468 3256	aswTdi          (c944767bd5e69bf3f49a6562abd4eaea) C:\Windows\system32\drivers\aswTdi.sys
16:29:03.0484 3256	aswTdi - ok
16:29:03.0539 3256	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:29:03.0611 3256	AsyncMac - ok
16:29:03.0631 3256	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:29:03.0645 3256	atapi - ok
16:29:03.0718 3256	AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
16:29:03.0748 3256	AtiHDAudioService - ok
16:29:03.0820 3256	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:29:03.0902 3256	AudioEndpointBuilder - ok
16:29:03.0911 3256	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:29:03.0958 3256	AudioSrv - ok
16:29:04.0085 3256	avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:29:04.0111 3256	avast! Antivirus - ok
16:29:04.0169 3256	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:29:04.0231 3256	AxInstSV - ok
16:29:04.0283 3256	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:29:04.0325 3256	b06bdrv - ok
16:29:04.0370 3256	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:29:04.0425 3256	b57nd60a - ok
16:29:04.0520 3256	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:29:04.0546 3256	BBSvc - ok
16:29:04.0568 3256	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:29:04.0599 3256	BDESVC - ok
16:29:04.0640 3256	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:29:04.0683 3256	Beep - ok
16:29:04.0757 3256	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:29:04.0842 3256	BFE - ok
16:29:04.0913 3256	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:29:05.0054 3256	BITS - ok
16:29:05.0224 3256	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:29:05.0282 3256	blbdrive - ok
16:29:05.0305 3256	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:29:05.0341 3256	bowser - ok
16:29:05.0367 3256	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:29:05.0411 3256	BrFiltLo - ok
16:29:05.0433 3256	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:29:05.0452 3256	BrFiltUp - ok
16:29:05.0529 3256	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:29:05.0602 3256	BridgeMP - ok
16:29:05.0645 3256	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:29:05.0737 3256	Browser - ok
16:29:05.0779 3256	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:29:05.0828 3256	Brserid - ok
16:29:05.0835 3256	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:29:05.0864 3256	BrSerWdm - ok
16:29:05.0869 3256	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:29:05.0891 3256	BrUsbMdm - ok
16:29:05.0895 3256	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:29:05.0922 3256	BrUsbSer - ok
16:29:05.0946 3256	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:29:05.0987 3256	BTHMODEM - ok
16:29:06.0022 3256	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:29:06.0084 3256	bthserv - ok
16:29:06.0113 3256	catchme - ok
16:29:06.0164 3256	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:29:06.0248 3256	cdfs - ok
16:29:06.0296 3256	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:29:06.0315 3256	cdrom - ok
16:29:06.0367 3256	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:29:06.0468 3256	CertPropSvc - ok
16:29:06.0589 3256	cfWiMAXService  (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
16:29:06.0617 3256	cfWiMAXService - ok
16:29:06.0670 3256	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:29:06.0730 3256	circlass - ok
16:29:06.0781 3256	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:29:06.0813 3256	CLFS - ok
16:29:06.0868 3256	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:29:06.0897 3256	clr_optimization_v2.0.50727_32 - ok
16:29:06.0946 3256	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:29:06.0960 3256	clr_optimization_v2.0.50727_64 - ok
16:29:07.0061 3256	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:29:07.0086 3256	clr_optimization_v4.0.30319_32 - ok
16:29:07.0137 3256	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:29:07.0176 3256	clr_optimization_v4.0.30319_64 - ok
16:29:07.0206 3256	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:29:07.0252 3256	CmBatt - ok
16:29:07.0295 3256	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:29:07.0314 3256	cmdide - ok
16:29:07.0364 3256	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:29:07.0395 3256	CNG - ok
16:29:07.0517 3256	CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\Windows\system32\drivers\CHDRT64.sys
16:29:07.0557 3256	CnxtHdAudService - ok
16:29:07.0680 3256	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:29:07.0709 3256	Compbatt - ok
16:29:07.0730 3256	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:29:07.0768 3256	CompositeBus - ok
16:29:07.0783 3256	COMSysApp - ok
16:29:07.0874 3256	ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
16:29:07.0897 3256	ConfigFree Service - ok
16:29:07.0923 3256	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:29:07.0948 3256	crcdisk - ok
16:29:08.0019 3256	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:29:08.0051 3256	CryptSvc - ok
16:29:08.0123 3256	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:29:08.0203 3256	DcomLaunch - ok
16:29:08.0250 3256	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:29:08.0312 3256	defragsvc - ok
16:29:08.0406 3256	Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
16:29:08.0429 3256	Desura Install Service - ok
16:29:08.0461 3256	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:29:08.0503 3256	DfsC - ok
16:29:08.0566 3256	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:29:08.0635 3256	Dhcp - ok
16:29:08.0640 3256	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:29:08.0688 3256	discache - ok
16:29:08.0752 3256	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:29:08.0772 3256	Disk - ok
16:29:08.0806 3256	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:29:08.0845 3256	Dnscache - ok
16:29:08.0869 3256	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:29:08.0927 3256	dot3svc - ok
16:29:08.0954 3256	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:29:08.0999 3256	DPS - ok
16:29:09.0042 3256	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:29:09.0074 3256	drmkaud - ok
16:29:09.0127 3256	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:29:09.0145 3256	dtsoftbus01 - ok
16:29:09.0227 3256	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:29:09.0261 3256	DXGKrnl - ok
16:29:09.0303 3256	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:29:09.0388 3256	EapHost - ok
16:29:09.0568 3256	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:29:09.0636 3256	ebdrv - ok
16:29:09.0719 3256	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:29:09.0768 3256	EFS - ok
16:29:09.0835 3256	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:29:09.0877 3256	ehRecvr - ok
16:29:09.0912 3256	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:29:09.0943 3256	ehSched - ok
16:29:10.0035 3256	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:29:10.0071 3256	elxstor - ok
16:29:10.0077 3256	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:29:10.0092 3256	ErrDev - ok
16:29:10.0153 3256	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:29:10.0201 3256	EventSystem - ok
16:29:10.0235 3256	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:29:10.0299 3256	exfat - ok
16:29:10.0327 3256	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:29:10.0396 3256	fastfat - ok
16:29:10.0468 3256	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:29:10.0531 3256	Fax - ok
16:29:10.0571 3256	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:29:10.0611 3256	fdc - ok
16:29:10.0639 3256	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:29:10.0683 3256	fdPHost - ok
16:29:10.0704 3256	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:29:10.0763 3256	FDResPub - ok
16:29:10.0787 3256	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:29:10.0802 3256	FileInfo - ok
16:29:10.0813 3256	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:29:10.0872 3256	Filetrace - ok
16:29:10.0896 3256	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:29:10.0912 3256	flpydisk - ok
16:29:10.0942 3256	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:29:10.0963 3256	FltMgr - ok
16:29:11.0037 3256	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:29:11.0077 3256	FontCache - ok
16:29:11.0131 3256	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:29:11.0157 3256	FontCache3.0.0.0 - ok
16:29:11.0202 3256	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:29:11.0219 3256	FsDepends - ok
16:29:11.0256 3256	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:29:11.0271 3256	Fs_Rec - ok
16:29:11.0316 3256	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:29:11.0341 3256	fvevol - ok
16:29:11.0376 3256	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:29:11.0392 3256	gagp30kx - ok
16:29:11.0495 3256	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:29:11.0521 3256	GamesAppService - ok
16:29:11.0574 3256	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:29:11.0637 3256	gpsvc - ok
16:29:11.0725 3256	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:29:11.0747 3256	gupdate - ok
16:29:11.0753 3256	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:29:11.0767 3256	gupdatem - ok
16:29:11.0792 3256	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:29:11.0827 3256	hcw85cir - ok
16:29:11.0857 3256	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:29:11.0896 3256	HdAudAddService - ok
16:29:11.0939 3256	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:29:11.0984 3256	HDAudBus - ok
16:29:12.0004 3256	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:29:12.0032 3256	HidBatt - ok
16:29:12.0054 3256	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:29:12.0095 3256	HidBth - ok
16:29:12.0100 3256	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:29:12.0119 3256	HidIr - ok
16:29:12.0147 3256	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:29:12.0225 3256	hidserv - ok
16:29:12.0278 3256	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:29:12.0310 3256	HidUsb - ok
16:29:12.0337 3256	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:29:12.0415 3256	hkmsvc - ok
16:29:12.0442 3256	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:29:12.0493 3256	HomeGroupListener - ok
16:29:12.0527 3256	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:29:12.0561 3256	HomeGroupProvider - ok
16:29:12.0607 3256	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:29:12.0634 3256	HpSAMD - ok
16:29:12.0698 3256	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:29:12.0774 3256	HTTP - ok
16:29:12.0779 3256	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:29:12.0793 3256	hwpolicy - ok
16:29:12.0820 3256	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:29:12.0837 3256	i8042prt - ok
16:29:12.0909 3256	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:29:12.0940 3256	iaStorV - ok
16:29:13.0054 3256	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:29:13.0081 3256	IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:29:13.0081 3256	IDriverT - detected UnsignedFile.Multi.Generic (1)
16:29:13.0190 3256	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:29:13.0226 3256	idsvc - ok
16:29:13.0343 3256	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:29:13.0365 3256	iirsp - ok
16:29:13.0431 3256	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:29:13.0503 3256	IKEEXT - ok
16:29:13.0511 3256	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:29:13.0526 3256	intelide - ok
16:29:13.0546 3256	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:29:13.0576 3256	intelppm - ok
16:29:13.0599 3256	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:29:13.0665 3256	IPBusEnum - ok
16:29:13.0691 3256	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:29:13.0749 3256	IpFilterDriver - ok
16:29:13.0809 3256	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:29:13.0876 3256	iphlpsvc - ok
16:29:13.0904 3256	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:29:13.0935 3256	IPMIDRV - ok
16:29:13.0942 3256	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:29:13.0991 3256	IPNAT - ok
16:29:14.0020 3256	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:29:14.0041 3256	IRENUM - ok
16:29:14.0045 3256	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:29:14.0060 3256	isapnp - ok
16:29:14.0083 3256	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:29:14.0103 3256	iScsiPrt - ok
16:29:14.0131 3256	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:29:14.0145 3256	kbdclass - ok
16:29:14.0185 3256	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:29:14.0240 3256	kbdhid - ok
16:29:14.0276 3256	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:14.0309 3256	KeyIso - ok
16:29:14.0324 3256	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:29:14.0340 3256	KSecDD - ok
16:29:14.0358 3256	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:29:14.0374 3256	KSecPkg - ok
16:29:14.0393 3256	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:29:14.0457 3256	ksthunk - ok
16:29:14.0511 3256	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:29:14.0590 3256	KtmRm - ok
16:29:14.0641 3256	L1C             (045fb70bc993b691517ce309045ff02d) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:29:14.0668 3256	L1C - ok
16:29:14.0731 3256	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:29:14.0805 3256	LanmanServer - ok
16:29:14.0835 3256	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:29:14.0894 3256	LanmanWorkstation - ok
16:29:14.0939 3256	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:29:14.0981 3256	lltdio - ok
16:29:15.0010 3256	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:29:15.0074 3256	lltdsvc - ok
16:29:15.0097 3256	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:29:15.0160 3256	lmhosts - ok
16:29:15.0209 3256	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:29:15.0225 3256	LSI_FC - ok
16:29:15.0511 3256	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:29:15.0569 3256	LSI_SAS - ok
16:29:15.0594 3256	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:29:15.0609 3256	LSI_SAS2 - ok
16:29:15.0639 3256	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:29:15.0655 3256	LSI_SCSI - ok
16:29:15.0675 3256	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:29:15.0736 3256	luafv - ok
16:29:15.0806 3256	ManyCam         (922cbac7b992b9614cab7122f4bf9406) C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
16:29:15.0852 3256	ManyCam - ok
16:29:15.0946 3256	McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
16:29:15.0975 3256	McAfee SiteAdvisor Service - ok
16:29:16.0014 3256	mcaudrv_simple  (34a42dd7cf525d0d2c5232916496e4b8) C:\Windows\system32\drivers\mcaudrv_x64.sys
16:29:16.0028 3256	mcaudrv_simple - ok
16:29:16.0066 3256	McMPFSvc - ok
16:29:16.0095 3256	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:29:16.0115 3256	Mcx2Svc - ok
16:29:16.0142 3256	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:29:16.0158 3256	megasas - ok
16:29:16.0173 3256	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:29:16.0193 3256	MegaSR - ok
16:29:16.0227 3256	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:29:16.0287 3256	MMCSS - ok
16:29:16.0292 3256	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:29:16.0352 3256	Modem - ok
16:29:16.0399 3256	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:29:16.0437 3256	monitor - ok
16:29:16.0476 3256	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:29:16.0492 3256	mouclass - ok
16:29:16.0508 3256	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:29:16.0549 3256	mouhid - ok
16:29:16.0588 3256	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:29:16.0605 3256	mountmgr - ok
16:29:16.0682 3256	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:29:16.0710 3256	MozillaMaintenance - ok
16:29:16.0732 3256	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:29:16.0749 3256	mpio - ok
16:29:16.0777 3256	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:29:16.0819 3256	mpsdrv - ok
16:29:16.0883 3256	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:29:16.0964 3256	MpsSvc - ok
16:29:16.0990 3256	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:29:17.0032 3256	MRxDAV - ok
16:29:17.0071 3256	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:29:17.0090 3256	mrxsmb - ok
16:29:17.0112 3256	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:29:17.0132 3256	mrxsmb10 - ok
16:29:17.0151 3256	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:29:17.0183 3256	mrxsmb20 - ok
16:29:17.0221 3256	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
16:29:17.0249 3256	msahci - ok
16:29:17.0272 3256	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:29:17.0291 3256	msdsm - ok
16:29:17.0322 3256	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:29:17.0361 3256	MSDTC - ok
16:29:17.0380 3256	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:29:17.0442 3256	Msfs - ok
16:29:17.0476 3256	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:29:17.0542 3256	mshidkmdf - ok
16:29:17.0565 3256	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:29:17.0580 3256	msisadrv - ok
16:29:17.0642 3256	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:29:17.0701 3256	MSiSCSI - ok
16:29:17.0705 3256	msiserver - ok
16:29:17.0777 3256	MSK80Service - ok
16:29:17.0844 3256	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:29:17.0902 3256	MSKSSRV - ok
16:29:17.0906 3256	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:29:17.0967 3256	MSPCLOCK - ok
16:29:17.0972 3256	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:29:18.0025 3256	MSPQM - ok
16:29:18.0057 3256	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:29:18.0085 3256	MsRPC - ok
16:29:18.0094 3256	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:29:18.0109 3256	mssmbios - ok
16:29:18.0123 3256	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:29:18.0182 3256	MSTEE - ok
16:29:18.0187 3256	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:29:18.0216 3256	MTConfig - ok
16:29:18.0241 3256	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:29:18.0256 3256	Mup - ok
16:29:18.0293 3256	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:29:18.0367 3256	napagent - ok
16:29:18.0427 3256	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:29:18.0471 3256	NativeWifiP - ok
16:29:18.0593 3256	NAUpdate        (1bbbf640bc0e0b750537baece8d66c18) c:\Program Files (x86)\Nero\Update\NASvc.exe
16:29:18.0620 3256	NAUpdate - ok
16:29:18.0709 3256	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:29:18.0746 3256	NDIS - ok
16:29:18.0785 3256	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:29:18.0844 3256	NdisCap - ok
16:29:18.0872 3256	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:29:18.0914 3256	NdisTapi - ok
16:29:18.0932 3256	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:29:18.0974 3256	Ndisuio - ok
16:29:19.0000 3256	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:29:19.0057 3256	NdisWan - ok
16:29:19.0063 3256	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:29:19.0107 3256	NDProxy - ok
16:29:19.0118 3256	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:29:19.0174 3256	NetBIOS - ok
16:29:19.0202 3256	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:29:19.0272 3256	NetBT - ok
16:29:19.0309 3256	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:19.0327 3256	Netlogon - ok
16:29:19.0388 3256	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:29:19.0453 3256	Netman - ok
16:29:19.0553 3256	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0593 3256	NetMsmqActivator - ok
16:29:19.0609 3256	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0625 3256	NetPipeActivator - ok
16:29:19.0675 3256	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:29:19.0755 3256	netprofm - ok
16:29:19.0760 3256	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0775 3256	NetTcpActivator - ok
16:29:19.0780 3256	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0794 3256	NetTcpPortSharing - ok
16:29:19.0858 3256	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:29:19.0881 3256	nfrd960 - ok
16:29:19.0952 3256	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:29:20.0008 3256	NlaSvc - ok
16:29:20.0024 3256	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:29:20.0066 3256	Npfs - ok
16:29:20.0079 3256	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:29:20.0140 3256	nsi - ok
16:29:20.0145 3256	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:29:20.0194 3256	nsiproxy - ok
16:29:20.0301 3256	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:29:20.0351 3256	Ntfs - ok
16:29:20.0441 3256	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:29:20.0530 3256	Null - ok
16:29:20.0847 3256	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:29:20.0880 3256	nvraid - ok
16:29:20.0891 3256	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:29:20.0908 3256	nvstor - ok
16:29:20.0943 3256	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:29:20.0960 3256	nv_agp - ok
16:29:20.0966 3256	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:29:21.0002 3256	ohci1394 - ok
16:29:21.0050 3256	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:29:21.0074 3256	p2pimsvc - ok
16:29:21.0102 3256	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:29:21.0125 3256	p2psvc - ok
16:29:21.0143 3256	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:29:21.0173 3256	Parport - ok
16:29:21.0202 3256	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:29:21.0218 3256	partmgr - ok
16:29:21.0240 3256	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:29:21.0288 3256	PcaSvc - ok
16:29:21.0318 3256	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:29:21.0338 3256	pci - ok
16:29:21.0358 3256	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:29:21.0375 3256	pciide - ok
16:29:21.0405 3256	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:29:21.0426 3256	pcmcia - ok
16:29:21.0432 3256	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:29:21.0449 3256	pcw - ok
16:29:21.0500 3256	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:29:21.0575 3256	PEAUTH - ok
16:29:21.0676 3256	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:29:21.0719 3256	PerfHost - ok
16:29:21.0832 3256	PGEffect        (91111cebbde8015e822c46120ed9537c) C:\Windows\system32\DRIVERS\pgeffect.sys
16:29:21.0852 3256	PGEffect - ok
16:29:21.0930 3256	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:29:21.0996 3256	pla - ok
16:29:22.0055 3256	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:29:22.0105 3256	PlugPlay - ok
16:29:22.0137 3256	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:29:22.0174 3256	PNRPAutoReg - ok
16:29:22.0191 3256	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:29:22.0213 3256	PNRPsvc - ok
16:29:22.0264 3256	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:29:22.0338 3256	PolicyAgent - ok
16:29:22.0382 3256	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:29:22.0462 3256	Power - ok
16:29:22.0522 3256	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:29:22.0599 3256	PptpMiniport - ok
16:29:22.0619 3256	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:29:22.0658 3256	Processor - ok
16:29:22.0716 3256	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:29:22.0757 3256	ProfSvc - ok
16:29:22.0788 3256	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:22.0804 3256	ProtectedStorage - ok
16:29:22.0871 3256	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:29:22.0961 3256	Psched - ok
16:29:23.0014 3256	QIOMem          (c8fcb4899f8b70cc34e0d9876a80963c) C:\Windows\system32\drivers\QIOMem.sys
16:29:23.0057 3256	QIOMem - ok
16:29:23.0150 3256	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:29:23.0198 3256	ql2300 - ok
16:29:23.0279 3256	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:29:23.0308 3256	ql40xx - ok
16:29:23.0342 3256	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:29:23.0369 3256	QWAVE - ok
16:29:23.0382 3256	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:29:23.0427 3256	QWAVEdrv - ok
16:29:23.0451 3256	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:29:23.0504 3256	RasAcd - ok
16:29:23.0543 3256	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:29:23.0607 3256	RasAgileVpn - ok
16:29:23.0638 3256	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:29:23.0697 3256	RasAuto - ok
16:29:23.0719 3256	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:29:23.0780 3256	Rasl2tp - ok
16:29:23.0811 3256	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:29:23.0884 3256	RasMan - ok
16:29:23.0930 3256	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:29:23.0997 3256	RasPppoe - ok
16:29:24.0004 3256	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:29:24.0053 3256	RasSstp - ok
16:29:24.0068 3256	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:29:24.0115 3256	rdbss - ok
16:29:24.0136 3256	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:29:24.0172 3256	rdpbus - ok
16:29:24.0196 3256	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:29:24.0236 3256	RDPCDD - ok
16:29:24.0274 3256	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:29:24.0315 3256	RDPENCDD - ok
16:29:24.0327 3256	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:29:24.0383 3256	RDPREFMP - ok
16:29:24.0430 3256	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:29:24.0473 3256	RDPWD - ok
16:29:24.0534 3256	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:29:24.0566 3256	rdyboost - ok
16:29:24.0600 3256	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:29:24.0671 3256	RemoteAccess - ok
16:29:24.0711 3256	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:29:24.0774 3256	RemoteRegistry - ok
16:29:24.0808 3256	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:29:24.0854 3256	RpcEptMapper - ok
16:29:24.0878 3256	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:29:24.0896 3256	RpcLocator - ok
16:29:24.0946 3256	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:29:32.0903 3256	UCManSvc        (f7df6654663ad07dab615a7af513d90c) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
16:29:32.0939 3256	UCManSvc ( UnsignedFile.Multi.Generic ) - warning
16:29:32.0939 3256	UCManSvc - detected UnsignedFile.Multi.Generic (1)
16:29:35.0199 3256	WajamUpdater    (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
16:29:35.0217 3256	WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
16:29:35.0217 3256	WajamUpdater - detected UnsignedFile.Multi.Generic (1)
16:29:38.0872 3256	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:29:39.0840 3256	\Device\Harddisk0\DR0 - ok
16:29:39.0875 3256	Boot (0x1200)   (ba246afdb5997f5d159fa9fbe04aad32) \Device\Harddisk0\DR0\Partition0
16:29:39.0877 3256	\Device\Harddisk0\DR0\Partition0 - ok
16:29:39.0918 3256	Boot (0x1200)   (a2a1edba15eed36aad34e96ebc9cf815) \Device\Harddisk0\DR0\Partition1
16:29:39.0920 3256	\Device\Harddisk0\DR0\Partition1 - ok
16:29:39.0921 3256	============================================================
16:29:39.0921 3256	Scan finished
16:29:39.0921 3256	============================================================
16:29:39.0939 2360	Detected object count: 3
16:29:39.0939 2360	Actual detected object count: 3
16:30:15.0151 2360	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0151 2360	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:30:15.0154 2360	UCManSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0154 2360	UCManSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:30:15.0155 2360	WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0155 2360	WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Interim note: after running ComboFix, videos worked until hibernation was activated; after that, the same problem again.

03.07.2012, 13:59   #10
markusg
/// Malware-holic

Does the problem always occur after hibernation?
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de

03.07.2012, 14:43   #11
MelficeOne

After the 1st (or rather 2nd) boot following the ComboFix run, videos worked; after entering hibernation the problem reappeared as before
(videos work until about 90% of the startup process, then go black).

If I switch users (without logging off), I have the same problem on other user accounts; if I log off, videos play normally on other user accounts.

I have not run ComboFix again since the first run (general warning about ComboFix).

04.07.2012, 13:37   #12
markusg
/// Malware-holic

If you shut the PC down and start it again, do videos work then, or currently not then either?

04.07.2012, 17:35   #13
MelficeOne

The videos work during startup (i.e. the Windows desktop is there, autostart programs are being loaded and run).
During autostart the videos abruptly go black.

04.07.2012, 19:08   #14
markusg
/// Malware-holic

And why don't you let it finish working first before you start anything? Does that make a difference? Please test it.

04.07.2012, 21:30   #15
MelficeOne

Because in that case I wanted to test whether a starting process causes the error, or whether a new process appears at the same time as the video failure.

By the way, it makes no difference; videos are still black.
