| |
| |||||||
Log-Analyse und Auswertung: Ransom Trojan wird nicht durch Malwarebytes gelöschtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.07.2012, 03:09
| #1 | |
 |  Ransom Trojan wird nicht durch Malwarebytes gelöscht Ich bin letztens auf folgendes Problem gestoßen: ich wollte gestern (Freitag) Anime gucken (neueste Folge Fate Zero) und musste feststellen dass der MPC schwarz bleibt. ich kriege Ton zwar rein aber kein Bild. Dachte mir das der FFD Video Codec spinnt und have daraufhin das CCCP erneut installiert. Keine Hilfe. Anderer Player: Schwarz mit ton. Als ich einen Quick Scan mit malwarebytes über das System laufen ließ gab dieser mir einen Fund aus. Zitat:
Direkt nach dem Neustart (noch in der Autostartroutine) ein Video abgespielt und siehe da - Ton und Bild! Doch während der Routine wurde das Bild mit einem mal schwarz. malwarebytes nochmal drüberlaufen lassen und den Selben Fehler gefunden. selbes Vorgehen, diesmal nach Hochfahren geguckt ob es sich über den Administrtor löschen lässt. Admin findet nix. Also Fehler gegoogelt und zu verschiedensten Ergebnissen gekommen. von Neu Aufsetzen über Zugriffsänderungen zu Logfiles Posten (hier) Ich stehe derzeit auf dem Schlauch. Da Ransom Trojans offenbar irgendwann den Rechner "hochnehmen" und sperren würde ich dem weitesgehend vorbeugen... anbei die OTL.txt Code:
ATTFilter OTL logfile created on: 01.07.2012 03:25:00 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free 14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.01 03:20:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe PRC - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.06.04 16:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe PRC - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2011.09.26 18:57:18 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service) SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc) SRV:64bit: - [2011.05.26 00:09:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.04.07 13:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2011.04.05 19:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010.12.09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010.12.08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2010.10.20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.06.19 12:29:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.01 23:29:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.21 18:28:20 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2012.02.10 18:56:24 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010.11.29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.12 15:43:38 | 000,241,808 | ---- | M] (Paltiosoft Inc.) [Auto | Running] -- C:\Program Files (x86)\SoftDenchi\UCManSvc.exe -- (UCManSvc) SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.09.29 10:36:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.26 01:58:22 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.25 23:28:50 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.09 11:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.02.08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011.02.03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.01.27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.01.05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.24 07:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F} IE:64bit: - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F} IE - HKLM\..\SearchScopes\{8D3D5D19-699D-4D84-887D-3BFD9E4D7F5F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fakku.net/viewforum.php?f=105 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {5FA600C7-EA20-4F25-A8D3-C42A8520102A} IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{4FFF1A03-D54F-4070-B6D9-A1792386A1F8}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{57B705F0-4A7D-4C63-AC4D-F6E48C646FED}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{5FA600C7-EA20-4F25-A8D3-C42A8520102A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.orbitdownloader.com" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Melfice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 18:29:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 23:29:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.26 18:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Extensions [2012.07.01 00:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions [2011.09.28 20:43:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Melfice\AppData\Roaming\mozilla\Firefox\Profiles\g039wqu1.default\extensions\ffxtlbr@Facemoods.com [2011.10.23 09:59:14 | 000,000,679 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\tokyo-toshokan.xml [2011.10.23 14:31:51 | 000,001,330 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wikipedia-en.xml [2011.11.05 23:46:47 | 000,001,997 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\wolframalpha.xml [2011.10.09 23:42:09 | 000,002,057 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\searchplugins\youtube-videosuche.xml [2012.01.08 20:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.31 20:00:00 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\MELFICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G039WQU1.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.05.01 23:29:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.19 19:03:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 19:03:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.19 19:03:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.28 20:43:26 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.03.19 19:03:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 19:03:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 19:03:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll (Wajam) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe () O4 - Startup: C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) F3:64bit: - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found F3 - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AFD53F0-5698-4625-9937-FF29252BADB0}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B44CF995-588F-43B3-BE47-2C119E943906}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.24 10:01:18 | 000,000,027 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ] O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fa8c92c9-b6b4-11e0-9916-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2008.06.24 10:01:18 | 000,063,488 | ---- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.01 00:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.01 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\GRETECH [2012.07.01 00:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2012.07.01 00:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH [2012.06.30 16:59:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FEE76892-DA96-44B9-B0A4-5C0CDEF4B389} [2012.06.30 16:59:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6514B212-6F1D-468E-984A-151981F95925} [2012.06.30 01:40:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{1B773419-4E56-4B0C-8C57-A708D733E2EE} [2012.06.30 01:40:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{13868A62-1B13-48B0-957B-69C681809D09} [2012.06.30 01:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\ManyCam [2012.06.30 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012.06.30 01:26:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\ManyCam [2012.06.30 01:26:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.06.30 01:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.06.30 01:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam [2012.06.30 01:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.06.29 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\Analogue A Hate Story [2012.06.29 21:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack [2012.06.29 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack [2012.06.29 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0051FE67-E0AB-46FF-BB59-45D112B7295B} [2012.06.29 13:38:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E146B3EA-F0E8-4DB4-8F19-C372CA2B9007} [2012.06.29 01:37:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8545240C-3F6F-4036-AB25-EF66200BC8EA} [2012.06.29 01:36:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58ABBF1C-AB02-47C4-B3A8-D68092CFE16B} [2012.06.28 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B00DF739-BBDB-4D15-A724-F8F43A9A3723} [2012.06.28 13:36:17 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B147D393-1907-4966-AA52-D24964517A61} [2012.06.28 01:35:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F9ABD92F-459B-4A6C-B013-9501ECCEA48C} [2012.06.28 01:35:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EE86CEBD-E193-44EB-8474-DEC8D97CF922} [2012.06.27 13:34:06 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{FAB88ECC-C41B-4C87-BDB7-CC5835B55483} [2012.06.27 13:33:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{911E60D8-EFB9-45A7-9F70-7E638143CFE8} [2012.06.27 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{35E5AD25-1727-4F1E-8017-C1562B01E8EC} [2012.06.27 01:32:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B7367BBE-E951-4E12-B091-AC2148501AE9} [2012.06.26 13:32:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A67A434-CC40-4B09-A03D-D40B5E3C8E46} [2012.06.26 13:31:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A5F31274-A3C3-4050-8D16-F8E49675EFA2} [2012.06.26 01:31:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{88CE3ACC-A86A-4BB6-BF6F-373DE3FADB94} [2012.06.26 01:30:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{30645A4D-A81C-47C2-BA1C-CF845E0D7768} [2012.06.25 13:30:20 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{062E811F-AD77-4AA9-8A9C-4B617A1A5882} [2012.06.25 13:29:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9C120173-61E5-48AB-B9D9-4D1C97E515AC} [2012.06.25 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{ED1B8300-91A1-423E-B40E-BB5CD49E8F54} [2012.06.25 01:28:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{974702BF-A534-4EF6-8DF1-16074AFBC8EA} [2012.06.24 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{512CC663-6BB6-436E-A3D3-5C339A4ADD7B} [2012.06.24 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9E2E322A-3CEC-43A5-8582-1540896DAC7A} [2012.06.24 01:25:45 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{79523661-97A4-4F88-ABB8-A45F3A72ED0F} [2012.06.24 01:25:07 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0DC38E9-9B2C-4AB1-A5F3-1094FC2CA94E} [2012.06.23 14:25:53 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Macromedia [2012.06.23 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7F5E8616-5F01-48FD-A6A5-D8DA99111896} [2012.06.23 13:23:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB9A02BD-1D11-4629-9E36-A8B292B62FC0} [2012.06.22 12:20:48 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{25D7380A-952A-4BBC-B7AC-7EA86DB57EBB} [2012.06.22 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EEB89AAF-EAA1-408E-9581-A08CC041B6C5} [2012.06.22 00:19:57 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8A5F398A-7040-47D5-A85B-E9EC119F38D3} [2012.06.22 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DE125F2F-5A40-4B1F-9D2C-AC9416D5EEBC} [2012.06.21 12:18:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{58D0E221-688B-4116-A287-0EA62F99E151} [2012.06.21 12:18:29 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CA345B44-58A7-4D15-8C09-ECADA4FEFA6B} [2012.06.21 00:17:52 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0B1F1B87-0F04-43D7-833F-C76574BADCB6} [2012.06.21 00:17:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E6EA62EB-6562-46D6-9F49-F45AF20A4158} [2012.06.20 14:14:54 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utawarerumono [2012.06.20 12:17:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{4854B39A-9788-4D00-AB68-2FDF2BA416FD} [2012.06.20 12:16:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7A87B4A2-EB28-489A-BC10-62C0CE540A10} [2012.06.20 00:16:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E55E4B59-4D60-4190-BA4B-BCC2E1C8F494} [2012.06.20 00:16:02 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3827E545-A0C2-4950-9EE9-2BD0F23CAE1D} [2012.06.19 12:15:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3F503903-967C-419B-927A-FE5BD371B0F7} [2012.06.19 12:14:58 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F723E167-DF5B-4F60-AF01-1F3D63CD2E63} [2012.06.19 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{11067D98-7347-472F-9234-6B4D378898D6} [2012.06.18 12:14:10 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{F0289FF9-A365-4B22-B951-357A35B4A801} [2012.06.18 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{72F1BC5B-4962-4F4F-8E65-FD122880DC55} [2012.06.17 12:13:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A16F32DD-1F1A-46E4-B5AF-1227F9B574E6} [2012.06.17 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B37E051B-796E-43D9-A761-3BC65D8EB63E} [2012.06.16 12:12:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{05BCBCAB-0CE7-40D1-A357-2EE08764E2BB} [2012.06.16 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{7610E6BF-0FC9-49E0-8A81-6DCE7D3734F7} [2012.06.15 12:11:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{958013EF-9288-45E1-AE82-8A0C3E6D9E95} [2012.06.15 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{0C68E6CC-B8AA-42E3-A4F6-160B09D49B0C} [2012.06.15 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{8D6E6181-7212-42D0-9C9C-C5C71D70DBD7} [2012.06.14 12:14:51 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{166A36BF-D053-4653-8D1F-2390CBDAB7D1} [2012.06.14 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E551CABB-4068-4FF7-A01A-071E2EB7FFD9} [2012.06.14 00:14:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B5140EDE-58C7-49F8-B9A2-C3522B628E1C} [2012.06.13 12:13:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{C845AADD-2F5C-4C1B-82A6-2327B47045F1} [2012.06.13 12:13:18 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6D4143CD-FBF9-40BB-A67E-E129645438D7} [2012.06.13 00:12:44 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{133AB30C-21F5-4184-B439-D2EEEEAB62A9} [2012.06.13 00:12:16 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{6E7127A2-7ACB-4463-8CC8-5F16226CD3D8} [2012.06.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor [2012.06.12 15:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.12 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\Braid [2012.06.12 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CD8C87AA-F9A5-43CB-8B34-4FEB0967A747} [2012.06.12 12:11:31 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{68431AE7-D464-47D3-9A0D-D1D32C98ADA3} [2012.06.12 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E3863E3F-6A9B-4448-8385-016A4DD43343} [2012.06.12 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{17638C12-D358-447B-8AB3-B265382F1AEF} [2012.06.11 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{EB6083E2-C4BE-42D9-BED0-8DEDB127F13C} [2012.06.11 00:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{DDF53304-095A-4812-8B53-8CC0BE03124C} [2012.06.11 00:10:43 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{34B8DB33-D755-486B-AE7C-C0606B03C559} [2012.06.10 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.06.10 23:55:52 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012.06.10 23:55:40 | 000,000,000 | ---D | C] -- C:\Windows\en [2012.06.10 23:55:28 | 000,000,000 | ---D | C] -- C:\Windows\it [2012.06.10 23:55:13 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012.06.09 07:37:03 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{E11E790B-FEE6-49CB-BA0F-B4D1D6333B67} [2012.06.09 07:36:34 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CF48BCAB-C1E7-4170-9D42-AAF5103BCE8C} [2012.06.07 00:23:47 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{91BE13D7-BB26-4387-B682-39E81ADA46A2} [2012.06.07 00:23:27 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC665A4C-F21E-4A63-8EBC-E9D92832410E} [2012.06.05 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\InstallShield Installation Information [2012.06.05 03:46:22 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{9DACE0FC-DC2A-4735-A36B-B0EADCCF9079} [2012.06.05 03:46:01 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{A1CFC0EA-011D-4C61-8B5E-43285CE19ED7} [2012.06.04 18:53:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\Procaster [2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster [2012.06.04 18:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster [2012.06.04 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{3A701C01-6E49-4BCA-9674-13023D68E7B8} [2012.06.04 00:12:25 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{06082C70-C4E4-4371-B6D9-EF374CB9EDB0} [2012.06.03 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{CC022DF7-119A-4104-B5E3-6D741A2BFDFA} [2012.06.03 16:16:14 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{D61D8835-4874-4D27-9B4F-B042D6AC117D} [2012.06.02 22:30:56 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Desktop\LoLItemChanger [2012.06.02 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Roaming\LolClient2 [2012.06.02 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{52CF7BA2-ED15-40BC-93D8-F168102449F1} [2012.06.02 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\Melfice\AppData\Local\{B44E830B-54CB-49D0-BA18-612F0064BB77} [2012.06.01 06:58:11 | 000,000,000 | ---D | C] -- C:\Users\Melfice\Documents\ProE [2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe_ [2012.04.19 09:21:21 | 000,130,048 | ---- | C] (Eugene Roshal & FAR Group) -- C:\ProgramData\2wDbJkVL.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.01 03:17:41 | 000,000,168 | ---- | M] () -- C:\Users\Melfice\defogger_reenable [2012.07.01 03:08:03 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.01 02:56:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 02:52:53 | 000,024,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 02:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.01 02:44:30 | 1725,063,167 | -HS- | M] () -- C:\hiberfil.sys [2012.07.01 00:19:01 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012.06.30 17:04:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 17:04:13 | 000,686,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 17:04:13 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 17:04:13 | 000,147,668 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 17:04:13 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 01:27:31 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.06.24 14:37:19 | 000,000,123 | ---- | M] () -- C:\Users\Melfice\Documents\std.out [2012.06.23 14:15:59 | 000,000,012 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat [2012.06.23 13:33:27 | 000,374,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.23 13:31:08 | 000,000,844 | ---- | M] () -- C:\Users\Melfice\Documents\Dokument5.rtf [2012.06.20 14:14:54 | 000,000,750 | ---- | M] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk [2012.06.19 15:33:40 | 000,000,061 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello.vbs [2012.06.17 16:43:15 | 000,000,756 | ---- | M] () -- C:\Users\Melfice\Desktop\Hello2.vbs [2012.06.15 20:14:59 | 000,012,057 | ---- | M] () -- C:\Users\Melfice\Documents\remys book.odt [2012.06.15 02:58:01 | 000,005,771 | ---- | M] () -- C:\Users\Melfice\Desktop\for remy.rtf [2012.06.06 12:43:35 | 000,454,603 | ---- | M] () -- C:\Users\Melfice\Desktop\Scan0001.pdf [2012.06.05 03:49:28 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk [2012.06.04 20:10:49 | 000,000,221 | ---- | M] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url [2012.06.04 18:53:39 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk [2012.06.03 23:52:40 | 622,321,038 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.03 17:56:20 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk [2012.06.02 16:37:14 | 000,001,058 | ---- | M] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.02 16:36:36 | 000,001,030 | ---- | M] () -- C:\Users\Melfice\Desktop\Dropbox.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.01 03:17:41 | 000,000,168 | ---- | C] () -- C:\Users\Melfice\defogger_reenable [2012.07.01 00:19:01 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2012.06.30 01:27:31 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk [2012.06.23 14:15:59 | 000,000,012 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\urhtps.dat [2012.06.23 13:31:07 | 000,000,844 | ---- | C] () -- C:\Users\Melfice\Documents\Dokument5.rtf [2012.06.20 14:14:54 | 000,000,750 | ---- | C] () -- C:\Users\Melfice\Desktop\Utawarerumono English.lnk [2012.06.17 01:22:35 | 000,000,756 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello2.vbs [2012.06.16 14:32:33 | 000,000,061 | ---- | C] () -- C:\Users\Melfice\Desktop\Hello.vbs [2012.06.15 20:14:56 | 000,012,057 | ---- | C] () -- C:\Users\Melfice\Documents\remys book.odt [2012.06.15 01:26:00 | 000,005,771 | ---- | C] () -- C:\Users\Melfice\Desktop\for remy.rtf [2012.06.06 12:45:38 | 000,454,603 | ---- | C] () -- C:\Users\Melfice\Desktop\Scan0001.pdf [2012.06.04 20:10:49 | 000,000,221 | ---- | C] () -- C:\Users\Melfice\Desktop\Dungeons of Dredmor.url [2012.06.03 23:52:40 | 622,321,038 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.06.03 17:56:20 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\Desktop\Magical Diary - Horse Hall.lnk [2012.06.02 16:37:14 | 000,001,058 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.10 09:52:53 | 000,050,157 | ---- | C] () -- C:\Users\Melfice\AppData\Roaming\SQLite3.dll [2012.02.02 15:06:23 | 001,579,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.19 11:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\Horo.ini [2012.01.11 22:34:15 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\oldharmony.dll [2011.12.30 22:37:23 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini [2011.12.28 05:37:59 | 000,067,072 | ---- | C] () -- C:\Users\Melfice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.07 18:17:46 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe [2011.12.07 18:16:54 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll [2011.10.30 18:51:33 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.26 19:01:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.07.25 14:41:59 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011.07.25 14:19:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.07.25 14:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.25 14:02:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.03 19:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll ========== LOP Check ========== [2012.02.23 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft [2011.12.13 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\.minecraft_xray [2012.05.30 12:41:33 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Audacity [2012.02.14 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Babylon [2012.07.01 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\BitTorrent [2012.06.12 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Braid [2011.10.20 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\DAEMON Tools Lite [2012.07.01 02:57:22 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Dropbox [2011.11.25 12:28:52 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Gatling Gears [2011.10.30 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GetRightToGo [2011.10.09 04:06:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\GrabPro [2012.02.26 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Hothead Games [2012.02.12 15:20:31 | 000,000,000 | RHSD | M] -- C:\Users\Melfice\AppData\Roaming\install [2012.04.19 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\KISSsoft AG [2012.03.23 16:50:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\kock [2011.09.26 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient [2012.06.02 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LolClient2 [2012.06.12 19:35:26 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\LoneSurvivor [2012.06.30 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ManyCam [2012.01.16 00:25:03 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\NationRed [2011.10.20 10:33:27 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Nitroplus [2011.12.08 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\OpenOffice.org [2012.07.01 03:23:55 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Orbit [2011.10.09 04:06:07 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ProgSense [2011.10.21 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\PTC [2012.06.29 14:22:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\RenPy [2011.10.21 08:19:14 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\ShanghaiAlice [2011.09.29 17:36:38 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\Toshiba [2011.09.26 18:58:29 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\TOSHIBA Online Product Information [2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\UAs [2012.06.28 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\Melfice\AppData\Roaming\xmldm [2012.04.04 12:41:41 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰c?¨?t???“?e?B?A) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\‰©¨ƒtƒƒ“ƒeƒBƒA ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.07.2012 03:25:00 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,48 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 76,60% Memory free
14,95 Gb Paging File | 12,88 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,71 Gb Total Space | 12,84 Gb Free Space | 4,31% Space Free | Partition Type: NTFS
Drive D: | 298,08 Gb Total Space | 46,82 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Drive E: | 441,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BRONGAA | User Name: Melfice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BD6421-75B7-4459-983C-A47E17169199}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0627699A-4245-4FDD-A787-D0ECB4F02680}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D483153-E4D0-4D8F-AC18-6D744F4982E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{0F6516E8-BDED-4A08-A6EB-0744DF0C3094}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{244EC3DF-C507-41B0-BF54-84E6974CE9EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27AC1C97-6260-44F7-9096-7918D82F32A8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A288C99-722C-44F7-A6B9-ED47D408E4CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{3A4CA51D-FF00-4A00-BEDD-7D4D0F67F36B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47A9A33A-8C53-4F9C-9841-AA3059E476EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A33861C-850E-4853-9328-B44C75EF8A7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CE746FD-BD5F-4B5B-9CFC-E6A9A6B197B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50664960-2CAC-42FD-ABC7-1B9BECA4732A}" = rport=138 | protocol=17 | dir=out | app=system |
"{595EA277-4CE2-4E21-B435-69452FB2E163}" = lport=445 | protocol=6 | dir=in | app=system |
"{5F04AD9A-9B7D-46A2-AF17-8BC1D4C88C65}" = lport=138 | protocol=17 | dir=in | app=system |
"{86251A9C-079E-4B74-9DB9-6D4E146E2879}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{866AF15B-41F7-4408-8622-5BEE61D3E357}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2DFE449-4B0B-4891-82C3-4BA7BCC92C64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9927BEC-A512-4555-8F00-0E68988A1E9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC2D6D8A-1C38-4A9F-B0FC-D6C653881E57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B00CFD1F-8678-47FC-9B52-85C4F78E95B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1A8D6AE-E878-49C7-B526-F510231F02A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2020B31-9205-412C-8D2B-72E5DE3EA04D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEE2B6A9-17FE-4438-98F5-00480B2953E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00534385-05CE-45A1-800F-F3E5A6864E79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{006FF172-1A7A-4465-9F16-C91BBCF5004A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe |
"{03D8DD7C-29C0-4945-AE01-62C5F368DADC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{064E4C26-FBA3-4CE8-A039-BF23D3C7DB5C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{06A1E8D9-8F95-4602-9199-DEEBA8A84F14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{084D29A9-C444-44F0-96ED-DA9EB1069C72}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{08607C4C-7629-4510-B643-8C3B44BE247C}" = protocol=6 | dir=out | app=system |
"{08FCDCE3-8205-4187-AABE-335D3E540E05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{0C5FB6BB-6D4A-4284-969C-73291E49F9D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0E18CF28-E25A-4FE8-B120-BDBE284F8E17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{10BB2CF6-26DC-4EAF-ABDD-83B74D195889}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{115F6DDC-9222-423E-A8DD-E08284C34586}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe |
"{1396CFCD-2654-4DEC-972E-206A54C5F154}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{15266A35-9CE1-49A8-8C4D-DE79F5BAFD56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\analogue a hate story\analogue.exe |
"{18D018A2-0119-48E3-A6F4-9965F528AAA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{1CEB6AF0-DBDB-4EDD-A982-37F40F254E49}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1D873190-38BD-4817-8360-D3C2748F5337}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{1EF01D4D-99C6-498B-8E60-5AB70D09800F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EF5A11D-49BE-4D8A-A42F-7A27B1B5BBC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{238A5521-8CC2-481B-9E98-80193A167BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{238B5B29-CA5C-4FA8-AE07-6BF022D3B20D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{25EB909C-E496-421D-978F-8300DCB813B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{2679FFE0-A175-49B6-BB3C-233CAE8E69F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
"{2904DF75-F637-49ED-BFB3-97C4DE13D4F9}" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"{2A720F21-0C04-45FD-82EF-B3F6DE44AEC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{2A90C7FA-83D5-413D-9FD6-F6E787BA843A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2BC166CB-ED3D-40A0-A4F4-A2A7AD639049}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{31AF088E-D323-49D7-85AE-6238E730D2E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom enforcer\system\xcom.exe |
"{3273DBBF-C4AB-4630-9F9C-F2CB1FEDCD56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{32863A36-671A-43A0-9D2A-93BFD1BC9A22}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{32C284C9-ED68-4815-BE8A-C266927E088F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{32F41B10-11B6-4442-9BAC-20F5314A402E}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{338644B3-1DAA-4FCC-9F5C-1066CF56825C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{3904944A-65D1-4B9B-A4C2-9FAC814D3D90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{39643916-86F9-4486-A53B-CF5F1C9A6D44}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39BE4777-AD56-4F49-900B-5EAB38BA3CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{3B78E905-919D-4F13-A67E-B281C7DBD70C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{419DBE59-D692-4036-A029-7769E0AB82B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{41C6B382-9166-424B-8B40-9006F354416B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{41EF00CA-B0E1-40CE-ACFC-E9C65427B902}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{42CF59A9-0493-4953-BE3F-C4EC1BF6FA2B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{433CA14E-FEA6-40BE-802F-400B4D4C2643}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{436D593A-2DA5-4328-B63D-184560173F7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{47ACF98F-6221-43F5-BCCA-B2D678D7D532}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{4B3E0D54-0F6F-4101-BBA8-F0A1A95AD499}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5184550D-0F03-4935-98CC-5671389E79FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B55E8BB-D630-4F7F-9F9C-9069AEDB7DD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C28F615-4AFF-4ED1-8F1E-41D3EA36283B}" = dir=in | app=d:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe |
"{5C3BE4C1-4B1A-4B03-90A6-4D805F68A7AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D802442-B655-4243-BF6C-13B3F62016E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{645F22DB-974E-4C28-961E-4B3604FF0E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{64C5848E-A6E3-4D2B-894B-517C607A43D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{65C0EE70-6496-4EDB-A9AA-74EA833ECC45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\delve deeper\delvedeeper.exe |
"{68E0A762-8238-4554-A7E9-703A407DD103}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{68F0DF8B-D80D-459A-BAEF-04D1ED8C572D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{690956A7-1EBA-495D-BF48-A815816409F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{6B79DCFE-5992-468D-A845-47118DDAA03F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{6F49E621-D643-44C4-965B-BC6D6D5A9CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |
"{70C82377-64F2-4635-B1D5-7061BEF14559}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7122B725-87BB-4728-9992-21DB6069A978}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{736B05FC-7E6D-48DF-B008-8A5DA1AB08B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{75D686E5-D685-4F80-BDD2-0308970DB2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{7C225BBF-60D4-4CA6-A1D0-D97EBAA0EFF5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
"{7D8160B7-3714-46B0-8491-4C086BF36F6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{82BBC64A-8380-4ACF-A7DF-6F98263FA06A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{84F633D8-A6EA-46FC-9A63-E3CBC66CB670}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{86ACB5F7-45B1-4B9E-8845-80509996F4FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe |
"{8720065A-C9EA-44C2-8786-7E5EE311B410}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{873D00A9-13FA-417F-A96C-075368C0BD77}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\puzzle agent\grickle101.exe |
"{8927DF51-4489-488D-AEF6-6EF1F13CA77E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe |
"{89C10380-75AC-4A3C-92C4-013E268A25E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{8E2FE7B3-FF00-4805-8AEE-0781085F9B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{8F1383CC-74DA-400A-A62D-9B8395D904BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91100486-8A3B-41EB-8E35-971E60D3CB27}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |
"{91A180D3-150D-4863-8B03-F935EF5CEDFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92CAA75B-DC3B-4A05-9356-CC212005599C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{92F91979-2AF3-4A79-94A4-66975DDDD04F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe |
"{93BCD280-2568-4251-AA4E-06F384A7B48C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{943DE906-C7FA-4379-8E22-25092D7BE992}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{951847AA-39D0-428D-98FF-28E0AB48F63A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{98DB6A0F-0295-4676-B7AD-CC3AE5BC5CAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B061228-F9E0-4878-AD47-D7C2D6EA697F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{9B54050D-B857-43A3-9CEF-6FEE1239882A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{9B7BA2BC-E1BB-455C-AF36-B011FBD749E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{9D74CAF2-A44B-4C03-B23A-900606A2B868}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine\trine_launcher.exe |
"{9E798239-B1E2-46A4-871D-BA5BF47400FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ufo afterlight\ufo.exe |
"{A05C8C27-CD15-4D6A-B2E5-55DB596A7233}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{A07B31B9-A85E-4E5A-A452-E52C508C4E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien breed impact\binaries\alienbreed-impact.exe |
"{A102737C-8465-4C59-BD78-1F6D97E6B4BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{A32C9534-4624-462A-B40C-DD0C054FDC6C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{A3CFCBA4-FC14-4B1E-9619-77A126EB0809}" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3F177C7-B29C-43F2-8807-DA3F18EAD06F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A79EB65E-587F-4C34-9F15-B10B83461A6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7F57BC5-3631-4022-AB0D-86D58D8985B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lone survivor\lonesurvivor\lonesurvivor.exe |
"{A8160CBF-CC7D-4E9C-BE5B-8850119DA93B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A980B16A-3D4A-4C1E-AA92-BB0BED3F8157}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA738BE6-31EE-42A1-BA67-A6241179827A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA747ACD-DC41-4BA6-86B2-CA0F75E50C3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam the random encounter\sstre.exe |
"{ABCEE1E4-1C9B-4159-AD58-C5EFDA08377A}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{AE805AD9-5ACF-4621-8665-A6AE23AD5977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEA79DD0-9AAC-44D3-95F6-DCE06537C32A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{B1918BDA-28F6-4C66-836E-AB5FB4B0EFCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe |
"{B24EFE44-D616-4ADA-A886-7FBE7B0365AB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{B26225E9-B54B-4253-995E-88FB2B037A9C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B4218CAC-A536-4673-B86A-C75032203344}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{B4B91D68-F832-4D4F-BD75-D44A49B23A95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{B4C311AA-80AF-4BCD-9B47-21476CAD93E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{B63FCA06-72AF-4D54-BB0E-FCE4E1CBCE99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{B71A4AD4-D02F-4FE1-B2F7-7F78F1E48011}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{B870A9B3-495A-4BD1-85E1-C26507CC6635}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B9F6BBCB-E97F-44B7-8100-78EAB6958206}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe |
"{B9F97355-3907-4778-8850-E52E1EF59C30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\custom.exe |
"{BA5F1898-DD44-44AD-96FA-921D37B8FC4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chantelise\chantelise.exe |
"{C08BB9F6-31A7-4379-B9CC-CBC43D040A20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{C465B31C-8857-4DF6-BBC2-B5C5E9B3E23C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{C583807C-7F0C-456E-8E51-C209F7AB89A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7AB2A96-13BB-4D02-A3A4-FFEB9DC22E49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe |
"{CA36BCCF-A4F4-4392-9D6F-8AA2FD7EB443}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{CA660C46-CEDF-4EEF-92D5-4BB8DBDA510D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{CE57C212-EF3F-47BC-9FCF-9939466E1724}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{CEB3E46F-2D7D-4EA4-8357-8BB13E1D47CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{D14A862F-B7CE-48BC-9F18-9E65C043ECD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{D2A65512-145C-4C11-9D38-002AB4C04D07}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D30B9CC8-BCFE-4BED-92FB-FD84A5F96203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D3243FA0-BB52-4842-8016-BAD9E764C1F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{D61E0E56-223D-4F5B-B9DE-9BC4DF750EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{D95351DC-A9D5-49BA-B00A-5D079364CC43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{D9EC0D27-2D40-434B-ACF8-E2637292D5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ninja reflex\ninjareflex.exe |
"{DA5254A1-C951-4ACA-A6BF-188AE061D759}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief deadly shadows\system\runme.exe |
"{DA7E7493-98AF-4043-A50A-01ADD55AD15E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{DD4BB57C-D9DF-46BB-9768-AEB762F604F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DDF9EB9F-81BE-4B77-A186-DAA5F9F0C23C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{DEE1BE25-9B8B-4BDB-8D6C-17C44DA58030}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nation red\nationred.exe |
"{E1366063-BFD3-4BF3-A8EC-BEB0556738BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{E23C524F-4B5C-4ED3-9F20-9B958178DF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E2B7A63C-DA7A-420F-80F5-B5108095E720}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{E5E6CD25-3646-40A1-8589-28AEBF8EAA32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{E86A4CD8-F4A9-4841-8F8A-14F895EE45D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\breath of death vii\bodviipc.exe |
"{EC2F5460-05AF-4833-848E-57F8D583596B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\psychonauts\psychonauts.exe |
"{EDE88E3B-11FF-469E-8B1D-5F7D5422C3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sequence\sequence.exe |
"{F26FDCB6-64D7-4DC7-B86F-85FFDDFF6A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom ufo defense\xcom\ufo defense_patched.exe |
"{F3A6CD5D-A59C-481C-A236-302472D841F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3D0C61D-B1C0-4D0D-AA32-621774340484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F488DEB4-A3EC-499C-B6C6-A35E14223A22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{F4CBDE10-A6AA-4FA4-936B-E6D7EB6E18B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"TCP Query User{00174407-5FCA-45D8-A846-A1C6FEFBE2FA}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"TCP Query User{11D9E804-E1F4-41E8-9897-955C5954730C}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"TCP Query User{1AEF323F-BAC8-489F-AC26-ED6FC1B3BE76}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{1B3B8988-0D01-4832-AF55-08177A9168EB}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{20D3AD1F-4BA4-41DB-98D4-97C0100A94CB}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{3CBA7197-2C9C-400D-AE8D-9BE718D2995D}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"TCP Query User{5847F59E-63D6-4819-8B4B-5DE3EDE49081}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{5E39EE41-F221-407A-9911-2842640A3340}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{5EAA90B2-9E61-40F3-8DD5-A5E35146A307}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"TCP Query User{60BE1701-40E0-48A6-B9A8-8E594FAA6FB3}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"TCP Query User{68909700-552A-4848-BD49-2837322FB6C4}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{6A72D4ED-500E-4E0B-8771-F069EFBD4F79}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"TCP Query User{7E3EF718-FBA9-47E0-B938-C046A793FBFD}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{81E57A9E-E980-41EA-807A-B2C5A20272C8}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"TCP Query User{8CDD95B8-7E96-4902-8B81-C582B04DFCFB}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"TCP Query User{9A746F4B-4555-4C25-A830-EC9DE4648D96}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"TCP Query User{A54C7E64-F223-4FCD-9629-BFBE769E4B6B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{A73D2DF8-EA7F-4C78-8775-19CD846F3B5D}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe |
"TCP Query User{ABBB2091-7BB7-47B2-956E-5AF55939C9F6}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"TCP Query User{B048FD5C-B32C-42E2-9766-1462B5D4EA68}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{B4BF3197-C670-4A9E-870F-AADEBB1486DF}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe |
"TCP Query User{B890C5F0-9700-4023-8E7C-39C30B23D276}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{B8D3E778-5142-426E-889E-BE1859CB91AF}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{C4BF8C17-67FD-4574-8FA1-5587A3D439D5}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{C93926EC-E028-4AD7-B3EF-31740583EC5F}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{CEE77FB8-0183-474D-809E-995C13827875}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{CFAA479C-6C69-48E9-A2AE-7A1E7DF6AFE3}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{D64180FF-BDE0-45D3-AEA6-9E60E04B8704}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"TCP Query User{DC147686-F520-4B87-A309-53ABA3107C04}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"TCP Query User{DCB318ED-2A54-4737-96B9-D9A7179E0322}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DD94203B-5C3E-4940-809A-8B24E11C6114}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"TCP Query User{E54E424D-D57E-4359-A703-D8BA0E46F985}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{E5760DB1-0605-4D37-A949-56787190E6F4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E7077C85-9AAB-4DEC-949C-13E149B11E82}E:\jskfcatserver.exe" = protocol=6 | dir=in | app=e:\jskfcatserver.exe |
"UDP Query User{06268F4A-0A52-4BF0-8CC0-2CADC1CA7C7E}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"UDP Query User{1320CDD1-C192-4D29-813D-492A101C7A52}C:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\bloody good time\bgt.exe |
"UDP Query User{166FDF7D-5138-485D-8A65-C73A2704F0AC}C:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"UDP Query User{25E2BCC0-6BF1-49CB-9B66-E892218634BE}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"UDP Query User{3006C2B3-2AC6-49AA-9005-68B727450D7D}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{35E87FD1-9AEA-44D3-A348-E80E83159D2A}E:\jskfcatserver.exe" = protocol=17 | dir=in | app=e:\jskfcatserver.exe |
"UDP Query User{39491388-02EE-4DC5-8E70-0176EBBF5734}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{3B6863B1-ED9D-45D8-82C4-90A6ED835C71}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{421F2EB8-E976-48DD-80CD-0B972D54A5A3}C:\program files (x86)\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitdm.exe |
"UDP Query User{4997E979-0565-4904-AD86-5A7F5C2C238D}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"UDP Query User{57B574A9-1B0A-49AF-97D7-A85866AC37BC}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{6053DE18-66DF-402F-A03A-50861859449C}C:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{63A9392F-15E9-4BB7-86BC-02DD31075798}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"UDP Query User{6737470F-2CD5-41DC-99F2-5157C22C5A6F}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{6B0B463F-EA65-4C4A-BD5E-7E4BF5300CFE}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{6F5939AD-B89D-4A7B-8DCF-03A8F39AEB80}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{6F9D5BE8-2822-4858-8BD2-CC955C3C10DD}D:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{7215162F-BEE9-4E0D-A618-871A5250CACE}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"UDP Query User{787E9419-23B8-4821-9317-951298CBE72B}C:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\melficeone\team fortress 2\hl2.exe |
"UDP Query User{7AF95BCA-3AED-47C6-8816-8AA5718B15DE}C:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\gatling gears\game\gatlinggears\gatlinggears.exe |
"UDP Query User{89FA4536-259A-46B2-B45A-4656D9743CBA}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"UDP Query User{92D91A86-39B4-461A-8E91-C5C408218AE0}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{940012CE-1A38-449F-9E1F-62E6D4FC24A7}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{975FAE45-A115-452B-A13A-7C0548BBCFDF}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{99CEF612-B531-4748-8252-4D79EDC3B372}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"UDP Query User{A022DE94-58EB-4764-A2C6-5344030D03D3}D:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{AA69AF5D-F8D2-48FE-9DFC-149310CBC299}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{BD149A4C-95E7-4501-A407-A2ABBA22F2BC}C:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"UDP Query User{D67E4604-1B9C-4F86-8A0A-5FB4662537D3}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{E2497D91-E396-44CB-A38D-94D4B45787BD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E2C0393E-2512-4675-9520-883A9DFB5C8A}D:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=d:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{F4A874B7-BC04-4C64-9185-E1E2BA02EE86}C:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\users\melfice\appdata\roaming\microsoft\windows\mysql-mxj\bin\mysqld-nt.exe |
"UDP Query User{F5E1E014-2323-4337-8B62-915E8962C487}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{FA487F95-CBC5-4B6B-BEC8-96B8CAA2AC88}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{34565B7E-F28D-BEEE-75BB-06E7659FC76F}" = ATI Catalyst Install Manager
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{617C7445-9152-3B2D-5618-117323D728E0}" = ccc-utility64
"{645C958A-F505-A126-F618-DDF4F9C3FE43}" = WMV9/VC-1 Video Playback
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0315398D-7266-AB1A-D7DB-03B5ECB4B126}" = CCC Help Portuguese
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E66EC48-9DFD-0A60-A391-3A15D2F26696}" = CCC Help Japanese
"{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}" = Nero Multimedia Suite 10 Essentials
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{113DE365-7DB5-6E66-DC10-CF8A3E5BEC74}" = CCC Help Chinese Traditional
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{12109DE2-D313-3456-4C6D-2F1283554D28}" = CCC Help Danish
"{140347A0-4A0C-44FC-9CA1-C8A3471899B7}" = SdRt4200
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19540CBA-3D6C-D1BB-F713-FC6B082E4D1F}" = CCC Help Greek
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B3F8894-DC2F-AE2F-548C-BC7786F199FE}" = CCC Help Czech
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FB31D8B-476B-AECB-4831-21D65E28AF7A}" = Catalyst Control Center Graphics Previews Common
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{2580F3D5-CA0A-2D65-EA68-70F433B85146}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{333AE6EB-2EDC-11D7-AAED-001060294115}" = IQ Marathon
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{36285812-1E91-CA80-B1E6-E305348621FE}" = CCC Help Dutch
"{36B3F8D7-F1C7-4558-A348-7C8171BB6404}" = ガジェット トライアル
"{37A58B85-C98F-11D5-B694-00E07D72A995}" = RM2K Mp3 Patch v1.1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}" = TOSHIBA ConfigFree
"{394A362F-26A0-4F6E-BCFA-4564FB24E0BC}" = Quarry
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D047C6C-19EE-46E3-C14B-9FA84260DF9B}" = Photo Service - powered by myphotobook
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{467CDF2F-AB27-4E91-814A-96AA8FBDC61D}_is1" = Zombpocalypse 0.9.2
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C3E47E-C1BB-11D7-9E00-0004769EEFEB}" = Building Panic
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E27A271-351E-72DC-BD22-06A46243F2A5}" = CCC Help German
"{4ED9CBC6-14B7-4E2A-BF42-E6DD63E722C9}" = KISSsoft 03-2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5684A50E-D6B1-5593-E292-72EFFF18197F}" = CCC Help Russian
"{5782EF38-8F32-4B9C-9A86-12877A93D8FE}" = Gatling Gears
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58C0E6D2-EA46-4765-A943-126EAF3C9D62}_is1" = Metro 2033 by O22y
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7EA2ACE0-9281-137B-D513-8B64A846A401}" = CCC Help Turkish
"{800F3931-0773-4BF2-ACF3-DF0A9CF2528D}" = Koihime_Musou
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8653955E-3E81-DD1E-C159-B9042649EA09}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92AD9101-1F8A-1A9C-B54C-49EA654FCD03}" = CCC Help Italian
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FF1D21-3C31-C7DD-5201-7F91805706C2}" = CCC Help French
"{93A6108B-997A-FFE1-E304-31204DAAAA7C}" = CCC Help Korean
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{93EC173C-7811-44B6-8760-9515C0893A65}" = Duel 2
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9C5551-2674-19BD-2BCE-24BF05908E03}" = CCC Help English
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4ED0A4C-E9E1-78CF-59D8-C42BBB9ACDC5}" = CCC Help Finnish
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}" = Amazon.de
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1" = ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E92CF8-8D2F-4203-B5C4-177174472C9A}" = The Typing of The Dead
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6EDBA96-E5CF-EA2B-BEC1-005592B9358E}" = AMD VISION Engine Control Center
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2B30220-BEA5-4834-BD6C-54779C393814}" = ミクキス
"{D3CD7848-5C54-0C58-CB65-9A9B74AA3C2A}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6DAF6F2-2ABF-83FE-B5C0-7C07711D9AA8}" = CCC Help Polish
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7A7E557-2EB9-4075-9C0C-D889A7690C36}" = KISSsoft 03-2011-DEMO
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DC26D0EF-06F7-9DC8-5E1F-AFEF20F8E7FC}" = CCC Help Spanish
"{DD5EF061-240A-DF5B-1B6A-A7E38733216D}" = Catalyst Control Center InstallProxy
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF10A0FC-1508-EF3B-AF9D-943B7AEDB967}" = CCC Help Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F73498A2-499B-4423-986E-90F99348609F}" = STEINS;GATE
"{F7506A7D-2FED-07D9-60A6-E0832A42A3DA}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9D85C9A-4E99-8115-41DA-9427FD77AFD5}" = Catalyst Control Center Localization All
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF54932F-5852-49B4-A614-5E2DAFA8505E}" = Virtual Playtable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF85AD26-D09A-11D6-AAED-0004769EEFEB}" = Gonzo Heads
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BIT.TRIP RUNNER" = BIT.TRIP RUNNER (remove only)
"BitTorrent" = BitTorrent
"Blip Blop" = Blip Blop (remove only)
"C64 - Classix GOLD" = C64 - Classix GOLD- Version 1.00
"Catapults" = Catapults
"Cave Story Deluxe" = Cave Story Deluxe
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dark Omen" = Dark Omen
"Desura" = Desura
"don't take it personally, babe, it just ain't your story" = don't take it personally, babe, it just ain't your story 1.1
"Dr. Harrison 3.2D" = Dr. Harrison 3.2D
"Earth Defense Force Insect Armageddon_is1" = Earth Defense Force Insect Armageddon
"English Patch for Gadget Trial" = Gadget Trial English Localisation
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"facemoods" = Facemoods Toolbar
"Front Mission Evolved_is1" = Front Mission Evolved
"GOM Player" = GOM Player
"hedgewars" = Hedgewars
"Horo_is1" = Horo
"Icy Tower v1.5_is1" = Icy Tower v1.5
"Igneous_is1" = Igneous
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Katawa Shoujo" = Katawa Shoujo
"Magic Table_is1" = Magic Table 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 3.0.79 (remove only)
"McAfee Virtual Technician" = McAfee Virtual Technician
"MinecraftCrack1.0" = MinecraftCrack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Neva" = Neva
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PricePeep" = PricePeep for Internet Explorer
"Rainmeter" = Rainmeter (remove only)
"Retro Classix" = Retro Classix 1.0
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool
"Sheep" = Sheep
"Shira Oka - Second Chances 1.1.2" = Shira Oka - Second Chances 1.1.2
"Steam App 102600" = Orcs Must Die!
"Steam App 107100" = Bastion
"Steam App 107300" = Breath of Death VII
"Steam App 107310" = Cthulhu Saves the World
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 13000" = Ninja Reflex: Steamworks Edition
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18070" = The Baconing
"Steam App 200130" = Puzzler World 2
"Steam App 200910" = Sequence
"Steam App 201480" = Serious Sam: The Random Encounter
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 209370" = Analogue: A Hate Story
"Steam App 209830" = Lone Survivor
"Steam App 211740" = Thief 2
"Steam App 22610" = Alien Breed: Impact
"Steam App 2450" = Bloody Good Time
"Steam App 26800" = Braid
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 31270" = Puzzle Agent
"Steam App 34270" = SEGA Genesis & Mega Drive Classics
"Steam App 35700" = Trine
"Steam App 3830" = Psychonauts
"Steam App 39800" = Nation Red
"Steam App 40800" = Super Meat Boy
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 61700" = Might and Magic: Clash of Heroes
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 63800" = Delve Deeper
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 70420" = Chantelise
"Steam App 7500" = UFO: Afterlight
"Steam App 7650" = X-COM: Terror from the Deep
"Steam App 7760" = X-COM: UFO Defense
"Steam App 7770" = X-COM: Enforcer
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 91600" = Sanctum
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99810" = Bulletstorm
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Turok 2" = Turok 2: Seeds of Evil
"Utawarerumono English" = Utawarerumono English v1.1
"webmmf" = WebM Media Foundation Components
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WTA-33136f14-14d5-4ebb-981f-08769c59bc06" = Plants vs. Zombies - Game of the Year
"WTA-374b417a-7ab2-4208-b04b-b02671fdb430" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-41fcabba-9a7c-4d0c-a98f-4329bafed165" = Zuma Deluxe
"WTA-59d9f67f-d8bc-44bd-b780-f38fc7e94292" = Final Drive: Nitro
"WTA-6f151802-11ed-45da-9651-6ab9139150b1" = Penguins!
"WTA-726c3834-2637-4929-a672-e61956d4594e" = Wedding Dash 2 - Rings Around the World
"WTA-9b2342f1-6586-40ff-92da-58d81ac97fed" = Polar Bowler
"WTA-9fb812a3-ceb4-4c33-b4b1-42974266670d" = Bejeweled 3
"WTA-be61410d-7566-49cf-8d8c-69b79428f30b" = Insaniquarium Deluxe
"WTA-cff1b0c3-8ffa-4a6c-8e20-55e049ec7984" = Diner Dash 2 Restaurant Rescue
"WTA-d53a5529-9cbe-4f77-8d3c-6a459faffb68" = Chuzzle Deluxe
"WTA-d5ede00c-bc16-4fe2-a6f0-3fde9f818086" = Bejeweled 2 Deluxe
"WTA-d9642135-b49a-48b4-81ad-b6c7d9307155" = FATE
"WTA-fb3fe861-3c7d-4ab0-8459-27d6fefa707f" = Slingo Deluxe
"X-Force_is1" = X-Force: Fight For Destiny V0.915b03
"Xuse 永遠のアセリア - この大地の果てで -" = Xuse 永遠のアセリア - この大地の果てで - (Remove Only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ダイバージェンス・メーター スクリーンセーバー" = ダイバージェンス・メーター スクリーンセーバー
"ダブルスポイラー_is1" = ダブルスポイラー ver 1.00a
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Castlevania - The Bloodletting V.1.3 BETA" = Castlevania - The Bloodletting V.1.3 BETA
"Dropbox" = Dropbox
"Hornado_is1" = Hornado 2.0
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"UnityWebPlayer" = Unity Web Player
"Wajam" = Wajam
"YSF_WIN" = YsF
"Yume Nikki 0.10 English" = Yume Nikki 0.10 English
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.05.2012 04:09:29 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPhotoGallery.exe, Version: 15.4.3538.513,
Zeitstempel: 0x4dcdb214 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001faa0 ID des fehlerhaften
Prozesses: 0x2b2c Startzeit der fehlerhaften Anwendung: 0x01cd3ca934258eac Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 720e21a5-a89c-11e1-a0b3-e89a8f8efd81
Error - 28.05.2012 14:34:35 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 28.05.2012 16:15:33 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mpc-hc.exe, Version: 1.5.3.3514,
Zeitstempel: 0x4e3453bc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0x1f7c Startzeit der fehlerhaften Anwendung: 0x01cd3d0e30e99edd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: e054b603-a901-11e1-885d-e89a8f8efd81
Error - 29.05.2012 21:32:53 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2012 11:37:26 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 31.05.2012 10:44:08 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_11_2_202_235.ocx,
Version: 11.2.202.235, Zeitstempel: 0x4f9af5a5 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00420569 ID des fehlerhaften Prozesses: 0x1d78 Startzeit der fehlerhaften Anwendung:
0x01cd3f34a1e29fb7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx
Berichtskennung:
130b95e4-ab2f-11e1-bc9a-e89a8f8efd81
Error - 31.05.2012 14:44:44 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dungeons of Dredmor.exe, Version:
0.0.0.0, Zeitstempel: 0x4f7bc61d Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dfe4
ID
des fehlerhaften Prozesses: 0x217c Startzeit der fehlerhaften Anwendung: 0x01cd3f5a9ebc6bf8
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\dungeons
of dredmor\Dungeons of Dredmor.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
b00b7d42-ab50-11e1-bc9a-e89a8f8efd81
Error - 01.06.2012 17:39:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: cd0 Startzeit: 01cd3e7a76f265c1 Endzeit: 83 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 4b4da3a6-ac32-11e1-bc9a-e89a8f8efd81
Error - 01.06.2012 22:28:52 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2b9c Startzeit: 01cd406763bff551 Endzeit: 35 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 07:19:15 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6020 Startzeit: 01cd406df899ee44 Endzeit: 184 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 10:32:03 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cmd.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce78e2b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cea18 ID des fehlerhaften
Prozesses: 0x5848 Startzeit der fehlerhaften Anwendung: 0x01cd40cc7699be54 Pfad der
fehlerhaften Anwendung: C:\Windows\SysWOW64\cmd.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: b7d2c13a-acbf-11e1-bc9a-e89a8f8efd81
Error - 02.06.2012 15:32:58 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 3fd0 Startzeit: 01cd4040df8b96a2 Endzeit: 1986 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.06.2012 16:25:08 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 06:09:22 | Computer Name = Brongaa | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pglclock.exe, Version: 0.0.0.0, Zeitstempel:
0x4c745d5f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000533dd ID des fehlerhaften
Prozesses: 0x20f0 Startzeit der fehlerhaften Anwendung: 0x01cd4170f1ea2352 Pfad der
fehlerhaften Anwendung: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\pglclock.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 305ccfe1-ad64-11e1-afde-e89a8f8efd81
Error - 03.06.2012 06:11:38 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm xtop.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgefuhrt
werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1734 Startzeit:
01cd4170db3daaf4 Endzeit: 85 Anwendungspfad: C:\Program Files\proeWildfire 5.0\x86e_win64\obj\xtop.exe
Berichts-ID:
7c0a7a8f-ad64-11e1-afde-e89a8f8efd81
Error - 03.06.2012 10:15:33 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 18:00:29 | Computer Name = Brongaa | Source = WinMgmt | ID = 10
Description =
Error - 03.06.2012 18:05:39 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c20 Startzeit:
01cd41d4be2b025b Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
Error - 03.06.2012 18:11:45 | Computer Name = Brongaa | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgefuhrt werden und wurde beendet. Uberprufen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 40c Startzeit: 01cd41d4470bacde Endzeit: 44 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 15c98220-adc9-11e1-9231-e89a8f8efd81
[ System Events ]
Error - 30.06.2012 18:29:29 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 18:56:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error - 30.06.2012 18:57:15 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 30.06.2012 18:59:36 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
Error - 30.06.2012 19:03:11 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
abhangig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 20:44:42 | Computer Name = Brongaa | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Anti-Spam Service" ist von folgendem Dienst abhangig:
MfeFire. Dieser Dienst ist eventuell nicht installiert.
Error - 30.06.2012 20:47:46 | Computer Name = Brongaa | Source = bowser | ID = 8003
Description =
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.29.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Melfice :: BRONGAA [administrator] 01.07.2012 00:57:56 mbam-log-2012-07-01 (02-40-56).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 568456 Time elapsed: 1 hour(s), 42 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Danke vorab für Hilfe. |
|
01.07.2012, 11:54
| #2 |
| /// Malware-holic   | Ransom Trojan wird nicht durch Malwarebytes gelöscht hi
__________________wer illegale oder halb legale streams guckt, muss sich über malware nicht wundern, zumal deinem system einige updates fehlen, gefundenes fressen für solche leute, die angeblich kostenloses zeug zum angucken anbieten, aber umsonst ist nun mal nichts, was normalerweise geld kostet. schaun wir mal dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
F3:64bit: - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found
F3 - HKCU WinNT: Load - (C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr) - File not found
:Files
:Commands
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ |
|
01.07.2012, 13:35
| #3 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht Naja, solange hier niemand die Rechte dran hat is das alles i-wie Grauzone... aber das isteine andere Geschchte.
__________________Fix wie befohlen ausgeführt, Textdokument gibt aus Code:
ATTFilter ========== OTL ==========
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr scheduled to be deleted on reboot.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.53.0 log created on 07012012_142755
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Melfice\LOCALS~1\Temp\msvyhbka.scr deleted successfully.
Ich bedanke mich im Vornhinein für die Hilfe und entschuldige mich für entstandende unannehmlichkeiten |
|
01.07.2012, 13:50
| #4 |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöscht das ins netz stellen urheberrechtlich geschtützter werke ist strafbar. das ansehen ist evtl. in einer grauzone, aber denkst du wirklich diese leute verdienen nicht mit euch, da gehts um hunderte millionen durch werbung + die malware die noch verteilt wird hi für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.07.2012, 14:07
| #5 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht okay, ist hochgeladen. warte nun auf weitere Anweisungen |
|
01.07.2012, 16:13
| #6 | |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöschtCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Ransom Trojan wird nicht durch Malwarebytes gelöscht |
|
01.07.2012, 16:28
| #7 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht der bösartige Registry wert in MBAM nicht mehr angezeigt (grade nockmal einen quick scan drüberlaufen lassen) trotzdem Combofix ausführen? Combofix sagt Code:
ATTFilter ComboFix 12-07-01.03 - Melfice 01.07.2012 17:49:58.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1031.18.7655.5468 [GMT 2:00]
Running from: c:\users\Melfice\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\2wDbJkVL.exe_
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4346.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM450D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM453D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45BC.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45DD.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM45FF.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4610.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4631.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A58.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A79.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4A8B.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4AAC.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BB7.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BD9.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4BEA.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4C69.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4CE8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4D28.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4E43.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4E64.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4F9E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM4FBF.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM500F.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM515A.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM51E8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM52D4.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5594.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM56CE.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM57BA.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM582A.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5889.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5A7E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5E86.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM5F05.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6196.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM62C0.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM638D.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6766.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6842.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM693E.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6BB0.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM6FB8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7150.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM72E8.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7605.tmp
c:\users\Melfice\AppData\Local\Temp\XTMP1MC3VE\DEM7636.tmp
c:\users\Melfice\AppData\Local\Temp\YTMP7MC8AA\TAA84C3.tmp
c:\users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kitre0.exe.lnk
c:\windows\apppatch\AppLoc.exe
c:\windows\IsUn0407.exe
c:\windows\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[.scr
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 16:01 . 2012-07-01 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 16:01 . 2012-07-01 16:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-01 15:05 . 2012-06-28 12:52 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-01 15:05 . 2012-06-28 12:52 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-01 15:05 . 2012-06-28 12:52 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-01 15:05 . 2012-06-28 12:52 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-01 15:05 . 2012-06-28 12:52 958912 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-01 15:05 . 2012-06-28 12:52 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-01 15:05 . 2012-06-28 12:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-01 15:04 . 2012-06-28 12:52 41224 ----a-w- c:\windows\avastSS.scr
2012-07-01 15:04 . 2012-06-28 12:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-01 15:04 . 2012-07-01 15:04 -------- d-----w- c:\programdata\AVAST Software
2012-07-01 15:04 . 2012-07-01 15:04 -------- d-----w- c:\program files\AVAST Software
2012-07-01 12:27 . 2012-07-01 12:27 -------- d-----w- C:\_OTL
2012-07-01 09:32 . 2012-07-01 09:32 -------- d-----w- c:\users\Administrator\AppData\Roaming\Media Player Classic
2012-06-30 22:39 . 2012-06-30 22:39 -------- d-----w- c:\program files (x86)\Oracle
2012-06-30 22:20 . 2012-06-30 22:20 -------- d-----w- c:\users\Melfice\AppData\Roaming\GRETECH
2012-06-30 22:18 . 2012-06-30 22:18 -------- d-----w- c:\program files (x86)\GRETECH
2012-06-29 23:26 . 2012-06-29 23:29 -------- d-----w- c:\users\Melfice\AppData\Local\ManyCam
2012-06-29 23:26 . 2012-06-29 23:26 -------- d-----w- c:\programdata\ManyCam
2012-06-29 23:26 . 2012-06-29 23:29 -------- d-----w- c:\users\Melfice\AppData\Roaming\ManyCam
2012-06-29 23:26 . 2012-06-29 23:26 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-29 23:26 . 2012-06-29 23:27 -------- d-----w- c:\program files (x86)\ManyCam
2012-06-29 23:25 . 2012-06-29 23:25 -------- d-----w- c:\programdata\Ask
2012-06-29 19:10 . 2012-07-01 09:32 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-06-29 08:01 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4DBAC46-B623-4206-89E3-BEEE0BC7A80E}\mpengine.dll
2012-06-23 12:25 . 2012-06-23 12:25 -------- d-----w- c:\users\Melfice\AppData\Local\Macromedia
2012-06-21 22:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:53 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:53 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 12:49 . 2012-06-19 12:49 69632 ----a-w- c:\users\Melfice\AppData\Roaming\Microsoft\Windows\mysql-mxj\c-mxj-utils\kill.exe
2012-06-19 12:27 . 2012-06-19 12:27 5750784 ----a-w- c:\users\Melfice\AppData\Roaming\Microsoft\Windows\mysql-mxj\bin\mysqld-nt.exe
2012-06-15 01:00 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-14 03:26 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 03:26 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 03:26 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 03:26 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\Melfice\AppData\Roaming\LoneSurvivor
2012-06-12 13:54 . 2012-06-12 13:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-12 13:53 . 2012-05-04 17:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-12 13:52 . 2012-06-12 13:53 -------- d-----w- c:\users\Melfice\AppData\Roaming\Braid
2012-06-10 21:57 . 2012-06-10 21:57 -------- d-----w- c:\windows\de
2012-06-10 21:55 . 2012-06-10 21:55 -------- d-----w- c:\windows\fr
2012-06-10 21:55 . 2012-06-10 21:55 -------- d-----w- c:\windows\en
2012-06-10 21:55 . 2012-06-10 21:55 -------- d-----w- c:\windows\it
2012-06-10 21:55 . 2012-06-10 21:55 -------- d-----w- c:\windows\nl
2012-06-10 21:46 . 2012-06-10 21:46 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7812e4371cd475202\MeshBetaRemover.exe
2012-06-10 21:46 . 2012-06-10 21:46 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\DSETUP.dll
2012-06-10 21:46 . 2012-06-10 21:46 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\DXSETUP.exe
2012-06-10 21:46 . 2012-06-10 21:46 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77ba62ab1cd475201\dsetup32.dll
2012-06-05 17:23 . 2012-06-05 17:23 -------- d-----w- c:\users\Melfice\AppData\Roaming\InstallShield Installation Information
2012-06-05 17:23 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-06-05 17:23 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-06-05 17:23 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-06-04 16:53 . 2012-06-04 16:53 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-06-04 16:53 . 2012-06-04 18:04 -------- d-----w- c:\users\Melfice\AppData\Local\Procaster
2012-06-04 16:53 . 2012-06-04 16:53 -------- d-----w- c:\program files (x86)\Livestream Procaster
2012-06-02 20:28 . 2012-06-02 20:28 -------- d-----w- c:\users\Melfice\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 22:11 . 2012-03-29 06:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 22:11 . 2011-09-26 18:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2011-06-14 08:01 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 07:21 . 2012-04-19 07:21 130048 ----a-w- c:\programdata\2wDbJkVL.exe
2012-04-04 13:56 . 2012-02-12 13:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-02-02 23:58 924488 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-26 3077528]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-06-05 6380440]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-01-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-06-06 2160536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Melfice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Melfice\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files (x86)\Rainmeter\Rainmeter.exe [2006-1-21 118784]
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-6-14 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-02-21 131912]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-01 129976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-05 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-02-10 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9263104]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 13:58]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-01 13:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Melfice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-06-14 150992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.fakku.net/viewforum.php?f=105
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Zu TOSHIBA Bulletin Board hinzufugen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Melfice\AppData\Roaming\Mozilla\Firefox\Profiles\g039wqu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
Toolbar-Locked - (no file)
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Blip Blop - d:\program files (x86)\Blip Blop\uninstall.exe
AddRemove-Catapults - d:\program files (x86)\Catapults\uninstall.exe
AddRemove-Dark Omen - c:\windows\IsUn0407.exe
AddRemove-don't take it personally, babe, it just ain't your story - c:\program files (x86)\don't take it personally
AddRemove-Dr. Harrison 3.2D - d:\program files (x86)\XLM Software\Doc Harrison\SXUNINST.EXE
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Igneous_is1 - c:\program files (x86)\Igneous\unins000.exe
AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe
AddRemove-Sheep - c:\windows\IsUn0407.exe
AddRemove-Turok 2 - c:\windows\IsUn0407.exe
AddRemove-Castlevania - The Bloodletting V.1.3 BETA - c:\program files (x86)\Castlevania - The Bloodletting V.1.3 BETA\Uninstall.exe
AddRemove-Hornado_is1 - d:\hornado\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\À0¤0Ð0ü0¸0§0ó0¹0û0á0ü0¿0ü0 *¹0¯0ê0ü0ó0»0ü0Ð0ü0]
"UninstallString"="c:\\Windows\\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[Uninst.exe"
"DisplayName"="ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo["
"DisplayIcon"="c:\\Windows\\ƒ_ƒCƒo[ƒWƒFƒ“ƒXEƒ[ƒ^[ ƒXƒNƒŠ[ƒ“ƒZ[ƒo[Uninst.exe,0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2012-07-01 18:13:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 16:13
.
Pre-Run: 21 Verzeichnis(se), 15.793.565.696 Bytes frei
Post-Run: 23 Verzeichnis(se), 18.569.375.744 Bytes frei
.
- - End Of File - - BBC484703CBFF40B0DBB9AE274CF1248
|
|
02.07.2012, 13:24
| #8 |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöscht hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.07.2012, 15:31
| #9 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht TDSS Killer sagt: Code:
ATTFilter 16:28:26.0712 15592 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
16:28:26.0960 15592 ============================================================
16:28:26.0960 15592 Current date / time: 2012/07/02 16:28:26.0960
16:28:26.0960 15592 SystemInfo:
16:28:26.0960 15592
16:28:26.0960 15592 OS Version: 6.1.7601 ServicePack: 1.0
16:28:26.0960 15592 Product type: Workstation
16:28:26.0960 15592 ComputerName: BRONGAA
16:28:26.0960 15592 UserName: Melfice
16:28:26.0960 15592 Windows directory: C:\Windows
16:28:26.0960 15592 System windows directory: C:\Windows
16:28:26.0960 15592 Running under WOW64
16:28:26.0960 15592 Processor architecture: Intel x64
16:28:26.0960 15592 Number of processors: 2
16:28:26.0960 15592 Page size: 0x1000
16:28:26.0960 15592 Boot type: Normal boot
16:28:26.0960 15592 ============================================================
16:28:28.0452 15592 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:28.0520 15592 ============================================================
16:28:28.0520 15592 \Device\Harddisk0\DR0:
16:28:28.0529 15592 MBR partitions:
16:28:28.0529 15592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8000, BlocksNum 0x25369000
16:28:28.0529 15592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25431000, BlocksNum 0x25427000
16:28:28.0529 15592 ============================================================
16:28:28.0570 15592 C: <-> \Device\Harddisk0\DR0\Partition0
16:28:28.0630 15592 D: <-> \Device\Harddisk0\DR0\Partition1
16:28:28.0630 15592 ============================================================
16:28:28.0630 15592 Initialize success
16:28:28.0630 15592 ============================================================
16:28:56.0928 3256 ============================================================
16:28:56.0928 3256 Scan started
16:28:56.0928 3256 Mode: Manual; SigCheck; TDLFS;
16:28:56.0928 3256 ============================================================
16:29:00.0095 3256 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:29:00.0203 3256 1394ohci - ok
16:29:00.0249 3256 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:29:00.0270 3256 ACPI - ok
16:29:00.0308 3256 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:29:00.0341 3256 AcpiPmi - ok
16:29:00.0439 3256 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:29:00.0470 3256 adp94xx - ok
16:29:00.0513 3256 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:29:00.0540 3256 adpahci - ok
16:29:00.0583 3256 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:29:00.0601 3256 adpu320 - ok
16:29:00.0627 3256 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:29:00.0690 3256 AeLookupSvc - ok
16:29:00.0767 3256 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:29:00.0812 3256 AFD - ok
16:29:00.0854 3256 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:29:00.0872 3256 agp440 - ok
16:29:00.0903 3256 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:29:00.0946 3256 ALG - ok
16:29:00.0959 3256 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:29:00.0974 3256 aliide - ok
16:29:01.0040 3256 AMD External Events Utility (833d43cfbac21365d36cf797377457d9) C:\Windows\system32\atiesrxx.exe
16:29:01.0098 3256 AMD External Events Utility - ok
16:29:01.0120 3256 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:29:01.0135 3256 amdide - ok
16:29:01.0169 3256 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:29:01.0209 3256 AmdK8 - ok
16:29:01.0733 3256 amdkmdag (fad670b417adccd9c99bc3aa3d754958) C:\Windows\system32\DRIVERS\atikmdag.sys
16:29:02.0039 3256 amdkmdag - ok
16:29:02.0201 3256 amdkmdap (f0b63dead17f760dbc85ccd7bf978c05) C:\Windows\system32\DRIVERS\atikmpag.sys
16:29:02.0251 3256 amdkmdap - ok
16:29:02.0298 3256 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:29:02.0339 3256 AmdPPM - ok
16:29:02.0373 3256 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:29:02.0399 3256 amdsata - ok
16:29:02.0422 3256 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:29:02.0440 3256 amdsbs - ok
16:29:02.0444 3256 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:29:02.0458 3256 amdxata - ok
16:29:02.0490 3256 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:29:02.0567 3256 AppID - ok
16:29:02.0607 3256 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:29:02.0691 3256 AppIDSvc - ok
16:29:02.0720 3256 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:29:02.0781 3256 Appinfo - ok
16:29:02.0861 3256 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:29:02.0892 3256 arc - ok
16:29:02.0902 3256 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:29:02.0920 3256 arcsas - ok
16:29:03.0009 3256 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:29:03.0032 3256 aspnet_state - ok
16:29:03.0080 3256 aswFsBlk (5d0fcd12a43e92409eb2ac88c6cf7d48) C:\Windows\system32\drivers\aswFsBlk.sys
16:29:03.0102 3256 aswFsBlk - ok
16:29:03.0170 3256 aswMonFlt (d51d963c2357b02a862f99bc0802aabb) C:\Windows\system32\drivers\aswMonFlt.sys
16:29:03.0194 3256 aswMonFlt - ok
16:29:03.0220 3256 aswRdr (f2a846c15ea4e35d0a8e53891abdf528) C:\Windows\System32\Drivers\aswrdr2.sys
16:29:03.0234 3256 aswRdr - ok
16:29:03.0316 3256 aswSnx (87542057e699eed8d1a545c75cef4547) C:\Windows\system32\drivers\aswSnx.sys
16:29:03.0351 3256 aswSnx - ok
16:29:03.0406 3256 aswSP (58143f82d886e10bafe33dc57eee53f9) C:\Windows\system32\drivers\aswSP.sys
16:29:03.0427 3256 aswSP - ok
16:29:03.0468 3256 aswTdi (c944767bd5e69bf3f49a6562abd4eaea) C:\Windows\system32\drivers\aswTdi.sys
16:29:03.0484 3256 aswTdi - ok
16:29:03.0539 3256 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:29:03.0611 3256 AsyncMac - ok
16:29:03.0631 3256 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:29:03.0645 3256 atapi - ok
16:29:03.0718 3256 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
16:29:03.0748 3256 AtiHDAudioService - ok
16:29:03.0820 3256 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:29:03.0902 3256 AudioEndpointBuilder - ok
16:29:03.0911 3256 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:29:03.0958 3256 AudioSrv - ok
16:29:04.0085 3256 avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:29:04.0111 3256 avast! Antivirus - ok
16:29:04.0169 3256 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:29:04.0231 3256 AxInstSV - ok
16:29:04.0283 3256 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:29:04.0325 3256 b06bdrv - ok
16:29:04.0370 3256 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:29:04.0425 3256 b57nd60a - ok
16:29:04.0520 3256 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:29:04.0546 3256 BBSvc - ok
16:29:04.0568 3256 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:29:04.0599 3256 BDESVC - ok
16:29:04.0640 3256 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:29:04.0683 3256 Beep - ok
16:29:04.0757 3256 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:29:04.0842 3256 BFE - ok
16:29:04.0913 3256 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:29:05.0054 3256 BITS - ok
16:29:05.0224 3256 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:29:05.0282 3256 blbdrive - ok
16:29:05.0305 3256 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:29:05.0341 3256 bowser - ok
16:29:05.0367 3256 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:29:05.0411 3256 BrFiltLo - ok
16:29:05.0433 3256 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:29:05.0452 3256 BrFiltUp - ok
16:29:05.0529 3256 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:29:05.0602 3256 BridgeMP - ok
16:29:05.0645 3256 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:29:05.0737 3256 Browser - ok
16:29:05.0779 3256 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:29:05.0828 3256 Brserid - ok
16:29:05.0835 3256 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:29:05.0864 3256 BrSerWdm - ok
16:29:05.0869 3256 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:29:05.0891 3256 BrUsbMdm - ok
16:29:05.0895 3256 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:29:05.0922 3256 BrUsbSer - ok
16:29:05.0946 3256 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:29:05.0987 3256 BTHMODEM - ok
16:29:06.0022 3256 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:29:06.0084 3256 bthserv - ok
16:29:06.0113 3256 catchme - ok
16:29:06.0164 3256 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:29:06.0248 3256 cdfs - ok
16:29:06.0296 3256 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:29:06.0315 3256 cdrom - ok
16:29:06.0367 3256 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:29:06.0468 3256 CertPropSvc - ok
16:29:06.0589 3256 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
16:29:06.0617 3256 cfWiMAXService - ok
16:29:06.0670 3256 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:29:06.0730 3256 circlass - ok
16:29:06.0781 3256 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:29:06.0813 3256 CLFS - ok
16:29:06.0868 3256 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:29:06.0897 3256 clr_optimization_v2.0.50727_32 - ok
16:29:06.0946 3256 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:29:06.0960 3256 clr_optimization_v2.0.50727_64 - ok
16:29:07.0061 3256 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:29:07.0086 3256 clr_optimization_v4.0.30319_32 - ok
16:29:07.0137 3256 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:29:07.0176 3256 clr_optimization_v4.0.30319_64 - ok
16:29:07.0206 3256 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:29:07.0252 3256 CmBatt - ok
16:29:07.0295 3256 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:29:07.0314 3256 cmdide - ok
16:29:07.0364 3256 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:29:07.0395 3256 CNG - ok
16:29:07.0517 3256 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\Windows\system32\drivers\CHDRT64.sys
16:29:07.0557 3256 CnxtHdAudService - ok
16:29:07.0680 3256 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:29:07.0709 3256 Compbatt - ok
16:29:07.0730 3256 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:29:07.0768 3256 CompositeBus - ok
16:29:07.0783 3256 COMSysApp - ok
16:29:07.0874 3256 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
16:29:07.0897 3256 ConfigFree Service - ok
16:29:07.0923 3256 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:29:07.0948 3256 crcdisk - ok
16:29:08.0019 3256 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:29:08.0051 3256 CryptSvc - ok
16:29:08.0123 3256 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:29:08.0203 3256 DcomLaunch - ok
16:29:08.0250 3256 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:29:08.0312 3256 defragsvc - ok
16:29:08.0406 3256 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files (x86)\Common Files\Desura\desura_service.exe
16:29:08.0429 3256 Desura Install Service - ok
16:29:08.0461 3256 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:29:08.0503 3256 DfsC - ok
16:29:08.0566 3256 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:29:08.0635 3256 Dhcp - ok
16:29:08.0640 3256 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:29:08.0688 3256 discache - ok
16:29:08.0752 3256 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:29:08.0772 3256 Disk - ok
16:29:08.0806 3256 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:29:08.0845 3256 Dnscache - ok
16:29:08.0869 3256 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:29:08.0927 3256 dot3svc - ok
16:29:08.0954 3256 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:29:08.0999 3256 DPS - ok
16:29:09.0042 3256 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:29:09.0074 3256 drmkaud - ok
16:29:09.0127 3256 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:29:09.0145 3256 dtsoftbus01 - ok
16:29:09.0227 3256 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:29:09.0261 3256 DXGKrnl - ok
16:29:09.0303 3256 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:29:09.0388 3256 EapHost - ok
16:29:09.0568 3256 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:29:09.0636 3256 ebdrv - ok
16:29:09.0719 3256 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:29:09.0768 3256 EFS - ok
16:29:09.0835 3256 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:29:09.0877 3256 ehRecvr - ok
16:29:09.0912 3256 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:29:09.0943 3256 ehSched - ok
16:29:10.0035 3256 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:29:10.0071 3256 elxstor - ok
16:29:10.0077 3256 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:29:10.0092 3256 ErrDev - ok
16:29:10.0153 3256 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:29:10.0201 3256 EventSystem - ok
16:29:10.0235 3256 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:29:10.0299 3256 exfat - ok
16:29:10.0327 3256 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:29:10.0396 3256 fastfat - ok
16:29:10.0468 3256 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:29:10.0531 3256 Fax - ok
16:29:10.0571 3256 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:29:10.0611 3256 fdc - ok
16:29:10.0639 3256 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:29:10.0683 3256 fdPHost - ok
16:29:10.0704 3256 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:29:10.0763 3256 FDResPub - ok
16:29:10.0787 3256 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:29:10.0802 3256 FileInfo - ok
16:29:10.0813 3256 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:29:10.0872 3256 Filetrace - ok
16:29:10.0896 3256 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:29:10.0912 3256 flpydisk - ok
16:29:10.0942 3256 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:29:10.0963 3256 FltMgr - ok
16:29:11.0037 3256 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:29:11.0077 3256 FontCache - ok
16:29:11.0131 3256 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:29:11.0157 3256 FontCache3.0.0.0 - ok
16:29:11.0202 3256 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:29:11.0219 3256 FsDepends - ok
16:29:11.0256 3256 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:29:11.0271 3256 Fs_Rec - ok
16:29:11.0316 3256 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:29:11.0341 3256 fvevol - ok
16:29:11.0376 3256 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:29:11.0392 3256 gagp30kx - ok
16:29:11.0495 3256 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:29:11.0521 3256 GamesAppService - ok
16:29:11.0574 3256 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:29:11.0637 3256 gpsvc - ok
16:29:11.0725 3256 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:29:11.0747 3256 gupdate - ok
16:29:11.0753 3256 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:29:11.0767 3256 gupdatem - ok
16:29:11.0792 3256 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:29:11.0827 3256 hcw85cir - ok
16:29:11.0857 3256 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:29:11.0896 3256 HdAudAddService - ok
16:29:11.0939 3256 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:29:11.0984 3256 HDAudBus - ok
16:29:12.0004 3256 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:29:12.0032 3256 HidBatt - ok
16:29:12.0054 3256 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:29:12.0095 3256 HidBth - ok
16:29:12.0100 3256 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:29:12.0119 3256 HidIr - ok
16:29:12.0147 3256 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:29:12.0225 3256 hidserv - ok
16:29:12.0278 3256 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:29:12.0310 3256 HidUsb - ok
16:29:12.0337 3256 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:29:12.0415 3256 hkmsvc - ok
16:29:12.0442 3256 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:29:12.0493 3256 HomeGroupListener - ok
16:29:12.0527 3256 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:29:12.0561 3256 HomeGroupProvider - ok
16:29:12.0607 3256 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:29:12.0634 3256 HpSAMD - ok
16:29:12.0698 3256 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:29:12.0774 3256 HTTP - ok
16:29:12.0779 3256 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:29:12.0793 3256 hwpolicy - ok
16:29:12.0820 3256 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:29:12.0837 3256 i8042prt - ok
16:29:12.0909 3256 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:29:12.0940 3256 iaStorV - ok
16:29:13.0054 3256 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:29:13.0081 3256 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:29:13.0081 3256 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:29:13.0190 3256 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:29:13.0226 3256 idsvc - ok
16:29:13.0343 3256 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:29:13.0365 3256 iirsp - ok
16:29:13.0431 3256 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:29:13.0503 3256 IKEEXT - ok
16:29:13.0511 3256 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:29:13.0526 3256 intelide - ok
16:29:13.0546 3256 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:29:13.0576 3256 intelppm - ok
16:29:13.0599 3256 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:29:13.0665 3256 IPBusEnum - ok
16:29:13.0691 3256 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:29:13.0749 3256 IpFilterDriver - ok
16:29:13.0809 3256 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:29:13.0876 3256 iphlpsvc - ok
16:29:13.0904 3256 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:29:13.0935 3256 IPMIDRV - ok
16:29:13.0942 3256 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:29:13.0991 3256 IPNAT - ok
16:29:14.0020 3256 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:29:14.0041 3256 IRENUM - ok
16:29:14.0045 3256 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:29:14.0060 3256 isapnp - ok
16:29:14.0083 3256 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:29:14.0103 3256 iScsiPrt - ok
16:29:14.0131 3256 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:29:14.0145 3256 kbdclass - ok
16:29:14.0185 3256 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:29:14.0240 3256 kbdhid - ok
16:29:14.0276 3256 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:14.0309 3256 KeyIso - ok
16:29:14.0324 3256 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:29:14.0340 3256 KSecDD - ok
16:29:14.0358 3256 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:29:14.0374 3256 KSecPkg - ok
16:29:14.0393 3256 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:29:14.0457 3256 ksthunk - ok
16:29:14.0511 3256 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:29:14.0590 3256 KtmRm - ok
16:29:14.0641 3256 L1C (045fb70bc993b691517ce309045ff02d) C:\Windows\system32\DRIVERS\L1C62x64.sys
16:29:14.0668 3256 L1C - ok
16:29:14.0731 3256 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:29:14.0805 3256 LanmanServer - ok
16:29:14.0835 3256 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:29:14.0894 3256 LanmanWorkstation - ok
16:29:14.0939 3256 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:29:14.0981 3256 lltdio - ok
16:29:15.0010 3256 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:29:15.0074 3256 lltdsvc - ok
16:29:15.0097 3256 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:29:15.0160 3256 lmhosts - ok
16:29:15.0209 3256 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:29:15.0225 3256 LSI_FC - ok
16:29:15.0511 3256 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:29:15.0569 3256 LSI_SAS - ok
16:29:15.0594 3256 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:29:15.0609 3256 LSI_SAS2 - ok
16:29:15.0639 3256 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:29:15.0655 3256 LSI_SCSI - ok
16:29:15.0675 3256 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:29:15.0736 3256 luafv - ok
16:29:15.0806 3256 ManyCam (922cbac7b992b9614cab7122f4bf9406) C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
16:29:15.0852 3256 ManyCam - ok
16:29:15.0946 3256 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
16:29:15.0975 3256 McAfee SiteAdvisor Service - ok
16:29:16.0014 3256 mcaudrv_simple (34a42dd7cf525d0d2c5232916496e4b8) C:\Windows\system32\drivers\mcaudrv_x64.sys
16:29:16.0028 3256 mcaudrv_simple - ok
16:29:16.0066 3256 McMPFSvc - ok
16:29:16.0095 3256 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:29:16.0115 3256 Mcx2Svc - ok
16:29:16.0142 3256 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:29:16.0158 3256 megasas - ok
16:29:16.0173 3256 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:29:16.0193 3256 MegaSR - ok
16:29:16.0227 3256 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:29:16.0287 3256 MMCSS - ok
16:29:16.0292 3256 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:29:16.0352 3256 Modem - ok
16:29:16.0399 3256 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:29:16.0437 3256 monitor - ok
16:29:16.0476 3256 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:29:16.0492 3256 mouclass - ok
16:29:16.0508 3256 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:29:16.0549 3256 mouhid - ok
16:29:16.0588 3256 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:29:16.0605 3256 mountmgr - ok
16:29:16.0682 3256 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:29:16.0710 3256 MozillaMaintenance - ok
16:29:16.0732 3256 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:29:16.0749 3256 mpio - ok
16:29:16.0777 3256 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:29:16.0819 3256 mpsdrv - ok
16:29:16.0883 3256 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:29:16.0964 3256 MpsSvc - ok
16:29:16.0990 3256 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:29:17.0032 3256 MRxDAV - ok
16:29:17.0071 3256 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:29:17.0090 3256 mrxsmb - ok
16:29:17.0112 3256 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:29:17.0132 3256 mrxsmb10 - ok
16:29:17.0151 3256 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:29:17.0183 3256 mrxsmb20 - ok
16:29:17.0221 3256 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
16:29:17.0249 3256 msahci - ok
16:29:17.0272 3256 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:29:17.0291 3256 msdsm - ok
16:29:17.0322 3256 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:29:17.0361 3256 MSDTC - ok
16:29:17.0380 3256 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:29:17.0442 3256 Msfs - ok
16:29:17.0476 3256 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:29:17.0542 3256 mshidkmdf - ok
16:29:17.0565 3256 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:29:17.0580 3256 msisadrv - ok
16:29:17.0642 3256 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:29:17.0701 3256 MSiSCSI - ok
16:29:17.0705 3256 msiserver - ok
16:29:17.0777 3256 MSK80Service - ok
16:29:17.0844 3256 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:29:17.0902 3256 MSKSSRV - ok
16:29:17.0906 3256 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:29:17.0967 3256 MSPCLOCK - ok
16:29:17.0972 3256 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:29:18.0025 3256 MSPQM - ok
16:29:18.0057 3256 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:29:18.0085 3256 MsRPC - ok
16:29:18.0094 3256 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:29:18.0109 3256 mssmbios - ok
16:29:18.0123 3256 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:29:18.0182 3256 MSTEE - ok
16:29:18.0187 3256 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:29:18.0216 3256 MTConfig - ok
16:29:18.0241 3256 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:29:18.0256 3256 Mup - ok
16:29:18.0293 3256 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:29:18.0367 3256 napagent - ok
16:29:18.0427 3256 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:29:18.0471 3256 NativeWifiP - ok
16:29:18.0593 3256 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) c:\Program Files (x86)\Nero\Update\NASvc.exe
16:29:18.0620 3256 NAUpdate - ok
16:29:18.0709 3256 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:29:18.0746 3256 NDIS - ok
16:29:18.0785 3256 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:29:18.0844 3256 NdisCap - ok
16:29:18.0872 3256 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:29:18.0914 3256 NdisTapi - ok
16:29:18.0932 3256 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:29:18.0974 3256 Ndisuio - ok
16:29:19.0000 3256 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:29:19.0057 3256 NdisWan - ok
16:29:19.0063 3256 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:29:19.0107 3256 NDProxy - ok
16:29:19.0118 3256 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:29:19.0174 3256 NetBIOS - ok
16:29:19.0202 3256 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:29:19.0272 3256 NetBT - ok
16:29:19.0309 3256 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:19.0327 3256 Netlogon - ok
16:29:19.0388 3256 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:29:19.0453 3256 Netman - ok
16:29:19.0553 3256 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0593 3256 NetMsmqActivator - ok
16:29:19.0609 3256 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0625 3256 NetPipeActivator - ok
16:29:19.0675 3256 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:29:19.0755 3256 netprofm - ok
16:29:19.0760 3256 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0775 3256 NetTcpActivator - ok
16:29:19.0780 3256 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:29:19.0794 3256 NetTcpPortSharing - ok
16:29:19.0858 3256 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:29:19.0881 3256 nfrd960 - ok
16:29:19.0952 3256 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:29:20.0008 3256 NlaSvc - ok
16:29:20.0024 3256 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:29:20.0066 3256 Npfs - ok
16:29:20.0079 3256 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:29:20.0140 3256 nsi - ok
16:29:20.0145 3256 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:29:20.0194 3256 nsiproxy - ok
16:29:20.0301 3256 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:29:20.0351 3256 Ntfs - ok
16:29:20.0441 3256 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:29:20.0530 3256 Null - ok
16:29:20.0847 3256 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:29:20.0880 3256 nvraid - ok
16:29:20.0891 3256 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:29:20.0908 3256 nvstor - ok
16:29:20.0943 3256 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:29:20.0960 3256 nv_agp - ok
16:29:20.0966 3256 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:29:21.0002 3256 ohci1394 - ok
16:29:21.0050 3256 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:29:21.0074 3256 p2pimsvc - ok
16:29:21.0102 3256 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:29:21.0125 3256 p2psvc - ok
16:29:21.0143 3256 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:29:21.0173 3256 Parport - ok
16:29:21.0202 3256 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:29:21.0218 3256 partmgr - ok
16:29:21.0240 3256 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:29:21.0288 3256 PcaSvc - ok
16:29:21.0318 3256 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:29:21.0338 3256 pci - ok
16:29:21.0358 3256 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:29:21.0375 3256 pciide - ok
16:29:21.0405 3256 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:29:21.0426 3256 pcmcia - ok
16:29:21.0432 3256 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:29:21.0449 3256 pcw - ok
16:29:21.0500 3256 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:29:21.0575 3256 PEAUTH - ok
16:29:21.0676 3256 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:29:21.0719 3256 PerfHost - ok
16:29:21.0832 3256 PGEffect (91111cebbde8015e822c46120ed9537c) C:\Windows\system32\DRIVERS\pgeffect.sys
16:29:21.0852 3256 PGEffect - ok
16:29:21.0930 3256 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:29:21.0996 3256 pla - ok
16:29:22.0055 3256 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:29:22.0105 3256 PlugPlay - ok
16:29:22.0137 3256 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:29:22.0174 3256 PNRPAutoReg - ok
16:29:22.0191 3256 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:29:22.0213 3256 PNRPsvc - ok
16:29:22.0264 3256 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:29:22.0338 3256 PolicyAgent - ok
16:29:22.0382 3256 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:29:22.0462 3256 Power - ok
16:29:22.0522 3256 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:29:22.0599 3256 PptpMiniport - ok
16:29:22.0619 3256 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:29:22.0658 3256 Processor - ok
16:29:22.0716 3256 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:29:22.0757 3256 ProfSvc - ok
16:29:22.0788 3256 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:22.0804 3256 ProtectedStorage - ok
16:29:22.0871 3256 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:29:22.0961 3256 Psched - ok
16:29:23.0014 3256 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\Windows\system32\drivers\QIOMem.sys
16:29:23.0057 3256 QIOMem - ok
16:29:23.0150 3256 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:29:23.0198 3256 ql2300 - ok
16:29:23.0279 3256 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:29:23.0308 3256 ql40xx - ok
16:29:23.0342 3256 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:29:23.0369 3256 QWAVE - ok
16:29:23.0382 3256 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:29:23.0427 3256 QWAVEdrv - ok
16:29:23.0451 3256 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:29:23.0504 3256 RasAcd - ok
16:29:23.0543 3256 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:29:23.0607 3256 RasAgileVpn - ok
16:29:23.0638 3256 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:29:23.0697 3256 RasAuto - ok
16:29:23.0719 3256 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:29:23.0780 3256 Rasl2tp - ok
16:29:23.0811 3256 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:29:23.0884 3256 RasMan - ok
16:29:23.0930 3256 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:29:23.0997 3256 RasPppoe - ok
16:29:24.0004 3256 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:29:24.0053 3256 RasSstp - ok
16:29:24.0068 3256 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:29:24.0115 3256 rdbss - ok
16:29:24.0136 3256 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:29:24.0172 3256 rdpbus - ok
16:29:24.0196 3256 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:29:24.0236 3256 RDPCDD - ok
16:29:24.0274 3256 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:29:24.0315 3256 RDPENCDD - ok
16:29:24.0327 3256 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:29:24.0383 3256 RDPREFMP - ok
16:29:24.0430 3256 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:29:24.0473 3256 RDPWD - ok
16:29:24.0534 3256 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:29:24.0566 3256 rdyboost - ok
16:29:24.0600 3256 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:29:24.0671 3256 RemoteAccess - ok
16:29:24.0711 3256 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:29:24.0774 3256 RemoteRegistry - ok
16:29:24.0808 3256 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:29:24.0854 3256 RpcEptMapper - ok
16:29:24.0878 3256 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:29:24.0896 3256 RpcLocator - ok
16:29:24.0946 3256 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:29:24.0995 3256 RpcSs - ok
16:29:25.0052 3256 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:29:25.0108 3256 rspndr - ok
16:29:25.0171 3256 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
16:29:25.0190 3256 RSUSBSTOR - ok
16:29:25.0248 3256 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\Windows\system32\Drivers\RTSUVSTOR.sys
16:29:25.0268 3256 RSUSBVSTOR - ok
16:29:25.0346 3256 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
16:29:25.0380 3256 RTL8192Ce - ok
16:29:25.0410 3256 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:25.0426 3256 SamSs - ok
16:29:25.0451 3256 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:29:25.0468 3256 sbp2port - ok
16:29:25.0499 3256 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:29:25.0564 3256 SCardSvr - ok
16:29:25.0584 3256 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:29:25.0637 3256 scfilter - ok
16:29:25.0700 3256 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:29:25.0778 3256 Schedule - ok
16:29:25.0813 3256 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:29:25.0853 3256 SCPolicySvc - ok
16:29:25.0882 3256 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:29:25.0925 3256 SDRSVC - ok
16:29:26.0012 3256 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:29:26.0041 3256 SeaPort - ok
16:29:26.0106 3256 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:29:26.0162 3256 secdrv - ok
16:29:26.0187 3256 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:29:26.0229 3256 seclogon - ok
16:29:26.0239 3256 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:29:26.0297 3256 SENS - ok
16:29:26.0327 3256 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:29:26.0345 3256 SensrSvc - ok
16:29:26.0377 3256 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:29:26.0415 3256 Serenum - ok
16:29:26.0432 3256 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:29:26.0461 3256 Serial - ok
16:29:26.0466 3256 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:29:26.0496 3256 sermouse - ok
16:29:26.0538 3256 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:29:26.0588 3256 SessionEnv - ok
16:29:26.0592 3256 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:29:26.0642 3256 sffdisk - ok
16:29:26.0680 3256 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:29:26.0712 3256 sffp_mmc - ok
16:29:26.0717 3256 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:29:26.0747 3256 sffp_sd - ok
16:29:26.0752 3256 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:29:26.0778 3256 sfloppy - ok
16:29:26.0822 3256 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:29:26.0903 3256 SharedAccess - ok
16:29:26.0954 3256 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:29:27.0023 3256 ShellHWDetection - ok
16:29:27.0061 3256 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:29:27.0077 3256 SiSRaid2 - ok
16:29:27.0099 3256 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:29:27.0115 3256 SiSRaid4 - ok
16:29:27.0219 3256 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:29:27.0234 3256 SkypeUpdate - ok
16:29:27.0267 3256 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:29:27.0327 3256 Smb - ok
16:29:27.0375 3256 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:29:27.0417 3256 SNMPTRAP - ok
16:29:27.0451 3256 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:29:27.0466 3256 spldr - ok
16:29:27.0519 3256 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:29:27.0577 3256 Spooler - ok
16:29:27.0738 3256 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:29:27.0843 3256 sppsvc - ok
16:29:27.0920 3256 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:29:28.0006 3256 sppuinotify - ok
16:29:28.0070 3256 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:29:28.0123 3256 srv - ok
16:29:28.0156 3256 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:29:28.0200 3256 srv2 - ok
16:29:28.0256 3256 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:29:28.0279 3256 SrvHsfHDA - ok
16:29:28.0359 3256 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:29:28.0423 3256 SrvHsfV92 - ok
16:29:28.0557 3256 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:29:28.0606 3256 SrvHsfWinac - ok
16:29:28.0646 3256 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:29:28.0663 3256 srvnet - ok
16:29:28.0710 3256 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:29:28.0771 3256 SSDPSRV - ok
16:29:28.0778 3256 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:29:28.0822 3256 SstpSvc - ok
16:29:28.0892 3256 Steam Client Service - ok
16:29:28.0923 3256 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:29:28.0942 3256 stexstor - ok
16:29:29.0019 3256 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:29:29.0058 3256 stisvc - ok
16:29:29.0077 3256 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:29:29.0092 3256 swenum - ok
16:29:29.0166 3256 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:29:29.0238 3256 swprv - ok
16:29:29.0349 3256 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\Windows\system32\DRIVERS\SynTP.sys
16:29:29.0396 3256 SynTP - ok
16:29:29.0542 3256 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:29:29.0616 3256 SysMain - ok
16:29:29.0708 3256 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:29:29.0754 3256 TabletInputService - ok
16:29:29.0780 3256 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:29:29.0846 3256 TapiSrv - ok
16:29:29.0875 3256 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:29:29.0921 3256 TBS - ok
16:29:30.0059 3256 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:29:30.0117 3256 Tcpip - ok
16:29:30.0328 3256 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:29:30.0382 3256 TCPIP6 - ok
16:29:30.0468 3256 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:29:30.0542 3256 tcpipreg - ok
16:29:30.0580 3256 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
16:29:30.0592 3256 tdcmdpst - ok
16:29:30.0607 3256 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:29:30.0634 3256 TDPIPE - ok
16:29:30.0671 3256 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:29:30.0685 3256 TDTCP - ok
16:29:30.0727 3256 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:29:30.0789 3256 tdx - ok
16:29:30.0936 3256 TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
16:29:31.0017 3256 TemproMonitoringService - ok
16:29:31.0081 3256 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:29:31.0111 3256 TermDD - ok
16:29:31.0164 3256 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:29:31.0244 3256 TermService - ok
16:29:31.0265 3256 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:29:31.0289 3256 Themes - ok
16:29:31.0317 3256 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:29:31.0362 3256 THREADORDER - ok
16:29:31.0456 3256 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:29:31.0483 3256 TMachInfo - ok
16:29:31.0522 3256 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
16:29:31.0540 3256 TODDSrv - ok
16:29:31.0662 3256 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
16:29:31.0689 3256 TosCoSrv - ok
16:29:31.0778 3256 TOSHIBA eco Utility Service (2ecc833ea37cece0052d4d9adc184177) C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:29:31.0802 3256 TOSHIBA eco Utility Service - ok
16:29:31.0874 3256 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:29:31.0893 3256 TOSHIBA HDD SSD Alert Service - ok
16:29:31.0973 3256 TPCHSrv (9f8410ccc72b3470c96da415be0cf423) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:29:32.0000 3256 TPCHSrv - ok
16:29:32.0113 3256 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:29:32.0197 3256 TrkWks - ok
16:29:32.0243 3256 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:29:32.0313 3256 TrustedInstaller - ok
16:29:32.0362 3256 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:29:32.0417 3256 tssecsrv - ok
16:29:32.0448 3256 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:29:32.0486 3256 TsUsbFlt - ok
16:29:32.0491 3256 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:29:32.0517 3256 TsUsbGD - ok
16:29:32.0555 3256 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:29:32.0613 3256 tunnel - ok
16:29:32.0677 3256 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16:29:32.0701 3256 TVALZ - ok
16:29:32.0739 3256 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
16:29:32.0754 3256 TVALZFL - ok
16:29:32.0775 3256 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:29:32.0794 3256 uagp35 - ok
16:29:32.0903 3256 UCManSvc (f7df6654663ad07dab615a7af513d90c) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
16:29:32.0939 3256 UCManSvc ( UnsignedFile.Multi.Generic ) - warning
16:29:32.0939 3256 UCManSvc - detected UnsignedFile.Multi.Generic (1)
16:29:32.0982 3256 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:29:33.0059 3256 udfs - ok
16:29:33.0094 3256 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:29:33.0113 3256 UI0Detect - ok
16:29:33.0174 3256 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:29:33.0203 3256 uliagpkx - ok
16:29:33.0242 3256 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:29:33.0276 3256 umbus - ok
16:29:33.0282 3256 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:29:33.0310 3256 UmPass - ok
16:29:33.0356 3256 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:29:33.0426 3256 upnphost - ok
16:29:33.0458 3256 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:29:33.0493 3256 usbccgp - ok
16:29:33.0538 3256 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:29:33.0578 3256 usbcir - ok
16:29:33.0599 3256 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:29:33.0627 3256 usbehci - ok
16:29:33.0651 3256 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
16:29:33.0677 3256 usbhub - ok
16:29:33.0699 3256 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:29:33.0714 3256 usbohci - ok
16:29:33.0736 3256 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:29:33.0754 3256 usbprint - ok
16:29:33.0776 3256 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:29:33.0804 3256 USBSTOR - ok
16:29:33.0810 3256 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:29:33.0827 3256 usbuhci - ok
16:29:33.0846 3256 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:29:33.0880 3256 usbvideo - ok
16:29:33.0911 3256 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:29:33.0974 3256 UxSms - ok
16:29:34.0011 3256 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:29:34.0029 3256 VaultSvc - ok
16:29:34.0089 3256 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:29:34.0114 3256 vdrvroot - ok
16:29:34.0192 3256 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:29:34.0245 3256 vds - ok
16:29:34.0279 3256 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:29:34.0299 3256 vga - ok
16:29:34.0304 3256 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:29:34.0346 3256 VgaSave - ok
16:29:34.0359 3256 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:29:34.0378 3256 vhdmp - ok
16:29:34.0399 3256 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:29:34.0414 3256 viaide - ok
16:29:34.0431 3256 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:29:34.0446 3256 volmgr - ok
16:29:34.0471 3256 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:29:34.0493 3256 volmgrx - ok
16:29:34.0508 3256 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
16:29:34.0528 3256 volsnap - ok
16:29:34.0569 3256 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:29:34.0586 3256 vsmraid - ok
16:29:34.0681 3256 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:29:34.0766 3256 VSS - ok
16:29:34.0858 3256 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:29:34.0891 3256 vwifibus - ok
16:29:34.0909 3256 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:29:34.0938 3256 vwififlt - ok
16:29:34.0985 3256 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:29:35.0055 3256 W32Time - ok
16:29:35.0087 3256 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:29:35.0114 3256 WacomPen - ok
16:29:35.0199 3256 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
16:29:35.0217 3256 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
16:29:35.0217 3256 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
16:29:35.0262 3256 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:35.0320 3256 WANARP - ok
16:29:35.0333 3256 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:29:35.0373 3256 Wanarpv6 - ok
16:29:35.0461 3256 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:29:35.0528 3256 wbengine - ok
16:29:35.0624 3256 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:29:35.0664 3256 WbioSrvc - ok
16:29:35.0694 3256 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:29:35.0759 3256 wcncsvc - ok
16:29:35.0783 3256 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:29:35.0817 3256 WcsPlugInService - ok
16:29:35.0868 3256 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:29:35.0884 3256 Wd - ok
16:29:35.0930 3256 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:29:35.0959 3256 Wdf01000 - ok
16:29:35.0985 3256 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:29:36.0033 3256 WdiServiceHost - ok
16:29:36.0038 3256 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:29:36.0063 3256 WdiSystemHost - ok
16:29:36.0126 3256 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:29:36.0179 3256 WebClient - ok
16:29:36.0211 3256 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:29:36.0285 3256 Wecsvc - ok
16:29:36.0314 3256 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:29:36.0361 3256 wercplsupport - ok
16:29:36.0386 3256 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:29:36.0432 3256 WerSvc - ok
16:29:36.0491 3256 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:29:36.0533 3256 WfpLwf - ok
16:29:36.0554 3256 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:29:36.0568 3256 WIMMount - ok
16:29:36.0613 3256 WinDefend - ok
16:29:36.0624 3256 WinHttpAutoProxySvc - ok
16:29:36.0674 3256 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:29:36.0720 3256 Winmgmt - ok
16:29:36.0859 3256 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:29:36.0939 3256 WinRM - ok
16:29:37.0105 3256 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:29:37.0170 3256 Wlansvc - ok
16:29:37.0233 3256 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:29:37.0248 3256 wlcrasvc - ok
16:29:37.0417 3256 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:29:37.0481 3256 wlidsvc - ok
16:29:37.0598 3256 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:29:37.0623 3256 WmiAcpi - ok
16:29:37.0675 3256 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:29:37.0718 3256 wmiApSrv - ok
16:29:37.0779 3256 WMPNetworkSvc - ok
16:29:37.0815 3256 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:29:37.0854 3256 WPCSvc - ok
16:29:37.0873 3256 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:29:37.0894 3256 WPDBusEnum - ok
16:29:37.0926 3256 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:29:38.0000 3256 ws2ifsl - ok
16:29:38.0030 3256 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:29:38.0057 3256 wscsvc - ok
16:29:38.0061 3256 WSearch - ok
16:29:38.0197 3256 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:29:38.0269 3256 wuauserv - ok
16:29:38.0375 3256 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:29:38.0467 3256 WudfPf - ok
16:29:38.0490 3256 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:29:38.0532 3256 WUDFRd - ok
16:29:38.0564 3256 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:29:38.0608 3256 wudfsvc - ok
16:29:38.0627 3256 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:29:38.0676 3256 WwanSvc - ok
16:29:38.0793 3256 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:29:38.0827 3256 YahooAUService - ok
16:29:38.0872 3256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:29:39.0840 3256 \Device\Harddisk0\DR0 - ok
16:29:39.0875 3256 Boot (0x1200) (ba246afdb5997f5d159fa9fbe04aad32) \Device\Harddisk0\DR0\Partition0
16:29:39.0877 3256 \Device\Harddisk0\DR0\Partition0 - ok
16:29:39.0918 3256 Boot (0x1200) (a2a1edba15eed36aad34e96ebc9cf815) \Device\Harddisk0\DR0\Partition1
16:29:39.0920 3256 \Device\Harddisk0\DR0\Partition1 - ok
16:29:39.0921 3256 ============================================================
16:29:39.0921 3256 Scan finished
16:29:39.0921 3256 ============================================================
16:29:39.0939 2360 Detected object count: 3
16:29:39.0939 2360 Actual detected object count: 3
16:30:15.0151 2360 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0151 2360 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:15.0154 2360 UCManSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0154 2360 UCManSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:15.0155 2360 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:15.0155 2360 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
03.07.2012, 13:59
| #10 |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöscht tritt das problem immer nach ruhezustand auf?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.07.2012, 14:43
| #11 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht nach dem 1. (bzw 2.) hochfahren nach Anwendung von Combofix haben Videos Funktioniert, nach einleiten des Ruhezustandes trat das Problem wieder wie bekannt auf ( Videos funktionieren bis etwa 90% das Startup prozesses, dann schwarz) Wechsle ich den Benutzer (ohne abmelden) habe ich das selbe Problem auf anderen Benutzerkonten, Melde ich mich ab laufen die Videos normal auf anderen Benutzserkonten. Ich habe Combofix seit der ersten Anwendung nicht noch einmal ausgeführt (allg. Warnung zu ComboFix). |
|
04.07.2012, 13:37
| #12 |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöscht wenn du den pc runterfährst und startest, funktionieren vidios dann oder dann momentan auch nicht?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.07.2012, 17:35
| #13 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht die Videos funktionieren während des startens (Also Windows-oberfläche ist da, Autostartprogramme werden geladen und ausgeführt) Währen des Autostarts werden die Videos abrupt schwarz |
|
04.07.2012, 19:08
| #14 |
| /// Malware-holic | Ransom Trojan wird nicht durch Malwarebytes gelöscht und wieso lässt du ihn nicht erst fertig arbeiten befor du etwas startest? macht das nen unterschied bitte mal testen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.07.2012, 21:30
| #15 |
| | Ransom Trojan wird nicht durch Malwarebytes gelöscht weil ich in dem Fall testen wollte ob ein startender Prozess den Fehler verursacht. bzw ob ein neuer Prozess parallel zum Videoausfall auftritt. Macht nebenbei keinen Unterschied, Videos sind immer noch schwarz |
|
| Themen zu Ransom Trojan wird nicht durch Malwarebytes gelöscht |
| anime, autorun, bho, bingbar, diner dash, error, fehler, firefox, flash player, helper, home, iexplore.exe, index, install.exe, installation, jdownloader, mozilla, mp3, neu aufsetzen, ntdll.dll, object, of death, pando media booster, plug-in, pricepeep, problem, programm, realtek, registry, scan, searchscopes, security, siteadvisor, software, storm, svchost.exe, system, tower, trojan, trojan ransom, usb 2.0, wajam, wildtangent games, win64, windows |
Linear-Darstellung
