Pests of all kinds and how to combat them: GVU Trojan with webcam

05.09.2012, 10:28   #1
Dimon
 
GVU Trojan with webcam

Hi,
I have caught the GVU Trojan with webcam on my laptop. As soon as it is active, it blocks everything, and basically all you can do is switch the laptop off (using the button on the machine). However, it only activates when an Internet connection is established. I am now going online using an old computer running Linux.

Win 7 64-bit

Here is the OTL result:
OTL Logfile:
Code:
OTL logfile created on: 05.09.2012 10:56:36 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = G:\GVU-Viru
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,50 Gb Available Physical Memory | 69,24% Memory free
15,89 Gb Paging File | 13,24 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 184,10 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 6,89 Gb Free Space | 92,50% Space Free | Partition Type: FAT32
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\GVU-Viru\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ab35163db89cc1062851c42f90151ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Protos\Social\Social.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Protos\MRA\pics.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Protos\MRA\mra.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Protos\InfICQ\inficq.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Plugins\Win7Helper\Win7Helper.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Plugins\cards\cards.dll ()
MOD - C:\Program Files (x86)\QIP 2012\Core\voip.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouawxp0u.dll (Parental Solutions Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26D3E265-8919-495E-815F-448819DD8BF1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=60ee8282-04d8-44f6-a465-152e0e5ed252&apn_sauid=BD50D608-5F7B-4D01-BE41-FB4063705327
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.09 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Extensions
[2012.09.04 17:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions
[2012.09.04 17:36:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions\toolbar@ask.com
[2012.09.04 17:36:23 | 000,002,323 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\searchplugins\askcom.xml
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.27 10:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 03:09:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 07:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 03:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 07:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 07:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 07:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 07:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp\1.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnnsvqxhl.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162B4ED2-46CB-40DE-A088-478E14DD0097}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6533412C-6187-47D8-B091-3724CD296A69}: DhcpNameServer = 131.234.137.24 131.234.137.23
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.01 16:35:42 | 000,008,192 | ---- | M] (Microsoft) - G:\AutoOff.exe -- [ FAT32 ]
O32 - AutoRun File - [2006.01.03 15:16:48 | 000,000,071 | ---- | M] () - G:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell - "" = AutoRun
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.05 10:40:08 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.09.05 10:36:12 | 000,000,000 | R--D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012.09.04 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Malwarebytes
[2012.09.04 23:56:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 17:36:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.31 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.31 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.08.31 21:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.08.24 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Darksiders
[2012.08.24 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.08.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.08.19 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harpsoft
[2012.08.15 07:48:07 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 07:48:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 07:48:04 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 07:48:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 07:48:03 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 07:48:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 07:48:03 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 07:48:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 07:48:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 07:48:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 07:47:50 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 07:47:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 07:47:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 07:47:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 07:47:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 07:47:49 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 07:47:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 07:47:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 12:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2012.08.10 11:53:15 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.10 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.08.06 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Mendeley Ltd
[2012.08.06 11:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
[2012.08.06 11:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mendeley Desktop
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.05 10:43:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.05 10:43:07 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:43:07 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:42:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 10:41:02 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.05 10:41:02 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.05 10:41:02 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.05 10:40:08 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.09.05 10:35:34 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.05 10:35:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 10:35:00 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 10:34:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.05 10:24:08 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
[2012.09.05 10:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 10:23:56 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.04 17:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
[2012.09.04 17:13:09 | 000,001,895 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | M] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:39 | 000,000,556 | ---- | M] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.16 18:24:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.16 18:24:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 11:39:54 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.06 11:24:48 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.05 10:43:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.04 23:56:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 17:13:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 17:13:09 | 000,001,895 | ---- | C] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | C] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:38 | 000,000,556 | ---- | C] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.10 11:53:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.08.06 11:24:48 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mendeley Desktop.lnk
[2012.04.20 23:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.04.20 22:59:06 | 000,039,620 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.01 19:19:00 | 000,000,749 | ---- | C] () -- C:\Users\Hitless\.recently-used.xbel
[2012.01.07 15:07:37 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:04 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2011.12.16 16:14:52 | 000,000,600 | ---- | C] () -- C:\Users\Hitless\AppData\Local\PUTTY.RND
[2011.12.11 13:29:05 | 000,000,017 | ---- | C] () -- C:\Users\Hitless\AppData\Local\resmon.resmoncfg
[2011.12.10 20:59:19 | 000,000,032 | ---- | C] () -- C:\Users\Hitless\.simfy
[2011.12.09 15:23:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.09 15:18:36 | 000,858,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 14:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.09 14:59:37 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.09 14:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.01 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\.minecraft
[2011.12.10 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Atari
[2012.08.10 12:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.01 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\BCGameTime
[2012.08.09 22:23:06 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock
[2012.08.24 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock2
[2012.05.06 03:38:11 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\calibre
[2012.09.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DAEMON Tools Lite
[2012.05.01 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.04.24 10:02:22 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dev-Cpp
[2012.09.05 10:36:08 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dropbox
[2012.07.31 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Foxit Software
[2012.02.01 19:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\geany
[2011.12.09 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Leadertech
[2012.07.12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\LolClient
[2012.06.03 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia
[2012.06.03 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia Suite
[2012.01.08 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Notepad++
[2012.01.31 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\OpenOffice.org
[2012.06.03 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\PC Suite
[2011.12.16 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\QIP
[2012.07.09 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\runic games
[2011.12.10 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Simfy
[2012.09.04 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Spotify
[2012.01.21 12:07:05 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\System
[2012.08.01 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TIPP10
[2012.09.05 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TS3Client
[2012.02.10 15:48:44 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WebcamMax
[2012.03.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WinEdt Team
[2012.02.01 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\xm1
[2012.09.03 01:01:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         
--- --- ---


Here are the Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.09.2012 10:56:36 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = G:\GVU-Viru
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,50 Gb Available Physical Memory | 69,24% Memory free
15,89 Gb Paging File | 13,24 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 184,10 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 6,89 Gb Free Space | 92,50% Space Free | Partition Type: FAT32
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D358C5D-CC1D-40B6-9335-CFA0670DAE45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1AB575C7-9187-4516-8308-2F36B4D4160C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1D247054-6B35-4217-9D5F-469B3EB6605A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1FCABEFF-FCC3-4C38-B75C-805C6D696407}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2876BB16-723E-42EC-85F3-D5EEF8081F04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EF4C85A-01F8-489C-9395-47CAF9756A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{401B37C6-9FF7-44C2-93E4-2332186FCE02}" = rport=138 | protocol=17 | dir=out | app=system | 
"{40D7F6B3-8882-4787-A2C0-D68B6BBCDE4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51001546-3B46-40AF-96B7-E5F3E8F1FC77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57270E46-1D0C-47F7-912C-C40B66C1128D}" = lport=57982 | protocol=17 | dir=in | name=pando media booster | 
"{6E95C63D-A6E8-4CB5-B974-7A30EAB3C596}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6EE3989D-AA1F-4197-8386-E552E365C9FF}" = lport=57982 | protocol=6 | dir=in | name=pando media booster | 
"{82C33CAF-A6FE-4718-B000-250EC971A8A2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{896C1C8C-45BB-4F33-9A99-BFCD4D9990E9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8F6D71CE-608F-4700-8E6C-DC26AD72ED29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A078A7BD-C631-4D05-BEC3-FBE3A619172C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A7CB9F79-BCAC-47FB-B6CD-A76D3CF26ED9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2B6B92D-49B8-4436-939B-04217FF0426A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C3E06C24-5AA5-4D97-AF1D-54AEBEF88AC2}" = lport=57982 | protocol=17 | dir=in | name=pando media booster | 
"{C6CED595-5016-4635-84DA-41C58FDE7EE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D06B2F05-FEAF-4E5D-B46E-5CC9911575EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E54BB71D-D44C-4A40-BF96-F13266235478}" = lport=57982 | protocol=6 | dir=in | name=pando media booster | 
"{EA3AF9C2-14D9-40E7-9572-E4E76BBD8C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ED26AB76-9EE1-4903-9B87-7B019DF3AB62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FCDCF2EF-B03B-4E74-AB98-E7E1FA633A26}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B51410-D074-4236-9D11-6EBF29DD28FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{01739F23-30AC-4D2A-AAF9-25D6BE6ED299}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{033AD2AB-7A69-4638-95A3-73B7D2D6C421}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{03E97F63-FCFB-4638-AD24-5D58BDE4465F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{03F9668B-04BC-4B32-91EB-49C4BDA56941}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | 
"{062B17EE-7D63-40E3-9222-AB09589CB14D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{07AF4A55-DD03-4E7F-A1B3-0A0A2F66CED4}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{08B8A816-42F7-4E88-9F35-D60CC1978653}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{0E95D0A5-22C8-4EEF-8B1F-6D1898EBC1AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{0F35BF57-E522-47EE-9448-54C793FFBBE5}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{0F50284D-2924-47CB-AC1C-9251791B72EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{11BFBBBC-B47A-45EF-B12F-4D789407AB6C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1604DF5E-6EA5-4863-B245-225C0CC060D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{1E491B59-41C8-4918-A680-DF31D10609AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{1FC3AD24-A386-40A4-92E4-A4D7A97CB98F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1FE50DEF-1315-4B49-89AB-500DA8595169}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{20CA73D4-212E-44BE-AE33-A59ECD7FC440}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{226A316D-CF21-49B9-8926-EABCD79B6EFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{22CEC629-A1ED-42BD-80CB-DA73B191249D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{2AF73B29-5618-4F59-ADFF-5CC0483DFB61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{2D066E23-A493-4537-831F-EF5589789331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{2D4D8236-C437-4BA4-9431-85D2D0538F26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{2F2FE770-E765-4936-BABC-1EC49E1F79FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{31B71B5F-0BBE-4B5E-AA2D-A62275D208A7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{33261CB5-0648-4B71-882F-FAF66C475E43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{332F9631-CBFE-491B-BAC9-E5F29444B57F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{333A090F-87A0-412A-8234-FBC64888BB8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{3718D0BA-3C2A-4812-8378-04D0133DCCE8}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{384ADC0D-1191-4C48-9F82-2EC69FB39C16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{3A2312CD-008C-45A7-A385-7D8FFC8DC6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{3D10B83B-FFDB-49A5-85DD-3C0471B4FC2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3EEB3E91-D71E-4B7B-A4D4-E95E25584DF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{42E9B8CB-9CA7-490C-9037-10B70E006934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{47C8C3EF-E1A9-4ED9-86AD-4EAF46FF74A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{48FFB2B4-74F6-4EE7-B3AA-6574DDD94CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{4A85C6CE-3748-438F-B315-8EDCC963F752}" = protocol=6 | dir=in | app=c:\users\hitless\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4B1C74F4-A77C-43D0-842A-0C58A4675224}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4BE1DFE3-54FA-4124-9091-93D36A13D234}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{4C9DB66E-9B5F-4510-858F-D0C40F678892}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{545E702C-D3B6-4955-AD72-EA13998DE600}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{54F1179E-D487-482F-973F-9BD7A3C7DC79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{556A2B43-5C5D-4960-B961-27B4624110B1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{595D2F41-3F59-41CE-B893-2C3FED48F6A2}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{5A330B39-8EB5-4DD1-8D43-B7CA39CE03AC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5B545615-61AF-41B3-92D7-562255459176}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{5D99D727-2F9B-422E-950F-FB37CA76C18D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat | 
"{5EAF93C8-6036-4CF1-9F58-DEDAA5A3C988}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5FE6DADD-B5FC-42B8-92B4-9C4E7A63FC4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{6461A4DB-4E9B-4456-8D58-31E767E42EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{649B8717-C64D-4B69-BABA-541FE1EA091E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{6614DF9D-C9C8-4EC9-88E3-11D8BAF7F61C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{67804E89-D57E-4AC2-93EE-BF1127A19523}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | 
"{6964779E-37DC-436C-BCC4-911097145BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{6B674D4E-3E7C-439B-B93B-BEDA5EA234F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{6E7E6604-3108-48E6-A4F1-4A62C9B3E600}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7A3EC496-8112-4BB7-A304-B5CD913537C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{7A489811-5E94-4F14-8C61-5A7FA6767B61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\critical mass\criticalmass.exe | 
"{82E56316-C825-4D44-B53F-97FFC4DDC428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{835D99C0-DF9E-4B56-A18C-5A64C3B27196}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{849C46B7-E3AE-4031-B30C-FE38A0104EFD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{84FAF68D-8D2D-405D-B34B-61ED843730BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{85BC3311-D058-47B5-A25D-EE4ABF437896}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{88447ECD-9544-42A6-A61C-FFE152F3ADBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{8A526F67-09E3-4716-B706-C670136A53C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | 
"{91FD7438-E86C-40BB-A85E-C84858256D0D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{93651123-1171-4352-94E7-12560CAEC696}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{95DB32D5-5649-4CD1-84E8-022D8C0E3C02}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{9F8252B8-358B-4150-82A1-731A7E2CC3EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A0C69B7C-D28B-4B09-BC38-19FE5940B314}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{A38021BF-D47B-4362-BFCD-9C9BF931A815}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A41644E7-5B25-496C-A932-598A47058794}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{A9004D12-6DA7-47E3-A845-179634861BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\critical mass\criticalmass.exe | 
"{ADC708E8-F943-401C-AE1B-68FF43B58C39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AFF64957-65BB-4418-AC82-02709B92D5C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B050340A-13C0-497B-B7D8-1272E5A01A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B06A31F2-C1A6-4AB2-A175-07EA3EAA1F32}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{B384619A-12CD-454A-8577-E96F18EA6F32}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | 
"{B65B7042-D68D-4E63-BC49-9BDEC4B9BFD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{B66BAD62-AA2B-4810-A0F4-E5BA20CC6DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{BA59504E-DBDA-444E-8AC1-5FB7D4BAABF8}" = protocol=17 | dir=in | app=c:\users\hitless\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BC768B47-B879-4FCA-896D-DCFF3514F243}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BEAD6EA2-FD91-4AC5-B07D-8E917C1683AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{BFA6F1E8-E61A-4F38-B1FC-C434B906E0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C079A06B-1F10-4A7E-89AC-986B95EFD7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{C209DE2A-1B73-4CCF-95DB-0039E5860EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{C6EB1E06-4E74-4415-930E-1FB4480B2AF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat | 
"{C745A3D7-0E48-47F8-8DA6-6975B8679DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe | 
"{C7A1F9A0-9E59-4E5E-A80B-2279EB7595FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C9424FAF-EDBF-43E0-ABAF-23CCAFB56CDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{C99E6A27-9B81-44D6-BF42-D9B9930A40FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{CC09CD06-0EF7-4E65-B07C-F2F2635EA0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{CC116EB1-6554-450D-B524-ADDD889F6B12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{CE1852DC-63A4-4F48-93A2-CBB8A318653E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{CEA80FB4-4E75-4E0F-B7FB-7CB01253FBD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{CEB526DB-AB5B-4272-BF8C-0B0B0E02F1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{D2C3D6A7-8477-41A4-BB06-C1FEDDDF21D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{D395C5E4-5EEB-4889-A024-E05BC30ACF8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | 
"{D44DC0FC-AAB9-45A0-9694-105E325887C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D51A61AE-9AE6-445C-BF74-45D4D51D0793}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | 
"{D596F25A-3469-42E7-8D1A-D844394B8888}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe | 
"{D6CCC0AB-82F9-47B5-80CD-61B950500AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{D74647B8-6777-4C26-B491-85679E31C137}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{D87AEB6C-C115-41DD-8825-71007E8CD6EC}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | 
"{D965D8E2-6EE3-443F-8578-809632EAED7B}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | 
"{D9EE6494-2532-484C-89CB-2AA0F5045FF6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{DE85B1F1-0ED3-4295-98D0-2E9CFBA6D2FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{E38B7691-0A7C-4BCE-8B4B-038AA667FF26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{E8B3D731-FFBE-4837-9398-6ECA8754E1D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{E9A75C42-B338-4650-9EA5-11B7628B1DB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{EA49896D-444E-42F7-A637-46D2ED9E3C84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{EA85F952-C19E-4052-89E6-7F0CA54E4F32}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{EB7C2753-33FC-4450-B2C2-CE2A4C273911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{ED1A69DE-BF69-447E-8916-07D679D01746}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{EFC4DE02-F641-4602-BCE8-AD4AB5D9D842}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{F59FC9A4-249D-4FFD-9635-35ECE3185392}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{F5FC535D-F5D6-429D-90D3-79BBE91EA3D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{F8A37327-C780-4C59-BD6A-9BBD964184BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{FBE79317-CE86-4B5C-9EB4-8355B2DD16AF}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{FCD1427D-DE3F-46AC-82B1-1C88AAF5443C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{FD2C1381-F9B0-413F-9DA4-A175614F8473}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{FD70CFFC-A6C0-4E06-A0A6-3B7DC21AFB52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{FDCF9B95-D66F-42C6-8813-959689B801A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{06CA6FA1-B89B-45A1-9A54-73E22FD62425}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{087DF8F3-F320-4751-8C96-A210C2B36501}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{0A55FD90-5C4C-44EF-BE90-74FAB79E4840}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{2C76F166-C16B-44AE-98A2-9522937B2151}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{3DB8FB4A-D136-46E7-B257-B61A311DE20B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{549D1286-20A6-44D3-8AB3-F7B4769571BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{559AF120-6EB6-4EE5-8B36-F5ED6EF5B563}C:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe | 
"TCP Query User{5A49F4A8-3ED4-41BE-8132-BC4EFF3C9EFF}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | 
"TCP Query User{73905CBC-99B2-4854-B2DF-7CD7722865A8}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{73A9392F-021F-421F-B3DE-E9AEFDC1D0B2}C:\users\hitless\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hitless\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{7E1BB250-BBC2-466E-878C-7BD652C8BED0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A0B43921-DC0F-4C07-80D5-59AA8AA27126}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{C664C897-22B9-4CE4-9E08-8092A7A41D56}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{CFD84D02-9FBD-40E8-BE39-0BF579D5EEAF}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"TCP Query User{D6377C09-43E1-4E6C-BA20-CDEF082B2780}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{D6FC7CD9-A90B-4D9A-8313-F164B2AFA318}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{E66D0539-E8C1-4854-9F54-82FD595323F1}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
"TCP Query User{F56499BE-26AB-4607-A488-36BD79A03985}C:\program files\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\gta2\gta2.exe | 
"UDP Query User{0F487EF8-78BB-4998-9DD0-A6DB999916AA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{161386F2-FD0E-40E0-BF2F-5E2ED90AC407}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3BD6711F-9D0F-4D98-BD83-AE460C52EEC6}C:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe | 
"UDP Query User{58F57729-F8FA-4B63-83A9-48DE5714DAA6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{6486E2AC-9CE5-485A-9110-C8B925740A7A}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"UDP Query User{8C8DDA10-6B12-4030-AE97-743099FEB4AD}C:\program files (x86)\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
"UDP Query User{991E630F-BD95-450F-87C2-80DDF0297637}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{A6FFC4E0-EBA2-4246-8DA6-4BDFA69833A3}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | 
"UDP Query User{AC65B03F-DFA9-4E17-B889-DF2E2720060F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B57DD5EE-5CC2-404F-97A7-C2F1E74C5D78}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{C435B834-3809-4014-983F-821502BF82F3}C:\users\hitless\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hitless\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D4F6B7CE-BCC6-4D57-85E9-B7EA303A3C68}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{DC3110D9-49EA-4837-8E7D-02B1DE3461BF}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{DD1BFD09-E8F0-4B04-8D75-998679A93AE6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{E4A3C9F5-890A-42CB-A093-C93C1DEBB77C}C:\program files\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\gta2\gta2.exe | 
"UDP Query User{F0765E41-C3CD-49FF-AC6A-0D3872512E20}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"UDP Query User{F7B36DAC-D2A2-4B61-A0AE-81CA3459D26A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{F932AAF5-8E67-4C6A-BAFE-0A14E0DE2E08}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416033FF}" = Java(TM) 6 Update 33 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FC945A7-D54E-4F00-BE32-90553F80FCE8}" = ActivePerl 5.14.2 Build 1402 (64-bit)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"ProInst" = Intel PROSet Wireless
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UDK-6eec76be-be83-4f9d-a7e4-de10f07f198c" = My Game Long Name
"UDK-9eea78f8-1016-4817-b8ec-dcd011f7c35c" = My Game Long Name
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}" = Microsoft Visual Studio 2010 Premium - DEU
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6AFE6FF2-059F-45F4-A2F2-0602C6DEBE0C}" = S60 3rd Edition SDK for Symbian OS, Supporting Feature Pack 2, for C++, Beta
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B834524D-C302-F626-87D6-5E7352FBE502}" = simfy
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"AVerMedia A336 MiniCard Hybrid TV Tuner" = AVerMedia A336 MiniCard Hybrid TV Tuner 10.2.64.51
"Avira AntiVir Desktop" = Avira Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CSL Arm Toolchain (arm-symbianelf)_is1" = CSL ARM Toolchain (arm-symbianelf) 2005-Q1C
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Drago_is1" = Drago 4.12
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"Earthworm Jim_is1" = Earthworm Jim
"Foxit Reader_is1" = Foxit Reader
"GameSpy 3D" = GameSpy 3D
"Geany" = Geany 0.21
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mendeley Desktop" = Mendeley Desktop 1.6
"Microsoft Visual Studio 2010 Premium - DEU" = Microsoft Visual Studio 2010 Premium - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"Rockstar Games Social Club" = Rockstar Games Social Club
"Simfy" = simfy
"Steam App 105300" = Critical Mass
"Steam App 110800" = L.A. Noire
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 200001" = Saints Row The Third Prima Official Strategy Guide
"Steam App 200900" = Cave Story+
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 28110" = Deus Ex Human Revolution Augmented Edition Bonus Content
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38720" = RUSH
"Steam App 38740" = EDGE
"Steam App 40800" = Super Meat Boy
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 50620" = Darksiders
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 6860" = Hitman: Blood Money
"Steam App 7670" = BioShock
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Steam App 8980" = Borderlands
"Steam App 9480" = Saints Row 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TIPP10_is1" = TIPP10 Version 2.1.0
"Tygem Baduk" = TygemBaduk Remove
"VeriFace" = VeriFace 
"VLC media player" = VLC media player 1.1.11
"WebcamMax" = WebcamMax
"WinEdt 7" = WinEdt 7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CGoban 3" = CGoban 3
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QIP 2012" = QIP 2012 4.0.7210
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2012 06:39:22 | Computer Name = Yeah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c1  Faulting module name: pouawxp0u.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4fc94cc8  Exception code: 0xc0000005  Fault offset: 0x00000000754a64e2
Faulting
 process id: 0x4a8  Faulting application start time: 0x01cd44959b28851d  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: pouawxp0u.dll  Report 
Id: 0add6387-b08d-11e1-a9e6-9439e5e48044
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 05.09.2012 04:25:12 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:12 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:12 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:12 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:39 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:35:08 | Computer Name = Yeah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:34:21 on ?05.?09.?2012 was unexpected.
 
 
< End of report >
         
--- --- ---

Edited by Dimon (05.09.2012 at 10:34)

Alt 05.09.2012, 13:35   #2
Psychotic
/// Malwareteam
 





My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do anything "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to (it makes the evaluation harder for me).


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: aswMBR


Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions). Vista and Win7 users: right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.



Step 2: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file on the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.



Step 3: Custom scan with OTL


If you do not have it yet, please download OTL by OldTimer and save it on your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters /S
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /S
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________

__________________
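For reading the TDSSKiller report requested in step 2, the following is an added example (not part of the thread and not TDSSKiller's own code) that pairs each service's hash line with its verdict line and lists everything not marked ok, including entries whose verdict is missing because the pasted log was cut off. The sample lines are constructed in the layout of a TDSSKiller report; the "( detection ) - warning" form of a non-ok line and all names, hashes and paths in the sample are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, not taken from the thread. Layout: a line
# "[ MD5 ] name path" followed by a line "name - verdict".
SAMPLE_LOG = r"""
18:22:17.0168 4780  ================ Scan services =============================
18:22:17.0370 4780  [ 00000000000000000000000000000001 ] ExampleDrvA     C:\Windows\system32\drivers\exampledrva.sys
18:22:17.0386 4780  ExampleDrvA - ok
18:22:17.0417 4780  [ 00000000000000000000000000000002 ] ExampleDrvB     C:\Windows\system32\drivers\exampledrvb.sys
18:22:17.0433 4780  ExampleDrvB ( Example.Detection.Name ) - warning
18:22:17.0464 4780  [ 00000000000000000000000000000003 ] ExampleSvcC     C:\Program Files (x86)\Example\svc.exe
"""

# Every report line starts with "HH:MM:SS.ffff <thread id>".
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
# Hash line: "[ 32 hex digits ] name drive-letter-path".
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Verdict line: "name - verdict" or "name ( detection ) - verdict" (assumed form).
VERDICT_RE = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\w+)\s*$")


@dataclass
class Finding:
    name: str
    verdict: str                 # "ok", another verdict word, or "no-verdict"
    detection: Optional[str]     # text inside "( ... )", if present
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[Finding]:
    """Pair hash lines with verdict lines; keep unpaired hash lines too."""
    findings: List[Finding] = []
    pending = {}  # name -> (md5, path) still waiting for its verdict line
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            # Verdicts without a preceding hash line (e.g. memory scan) get None.
            md5, path = pending.pop(name, (None, None))
            findings.append(Finding(name, verdict.lower(), detection, md5, path))
    # A hash line with no verdict means the log is incomplete at that point.
    for name, (md5, path) in pending.items():
        findings.append(Finding(name, "no-verdict", None, md5, path))
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything a helper should look at: any verdict other than ok."""
    return [f for f in findings if f.verdict != "ok"]


if __name__ == "__main__":
    for f in needs_review(parse_report(SAMPLE_LOG)):
        print(f"{f.verdict:<11} {f.name:<14} {f.detection or '-'}  {f.path or '-'}")
```
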

Alt 05.09.2012, 15:28   #3
Dimon
 



Hi,

In step 1, avast! Antirootkit crashes at "AVAST engine scan". I have tried it several times, but it happens again and again and always at the same file "C:\Windows\assembly\GAC_MSIL\Microsoft.TeamFoundation.WorkItemTracking.[...](the rest cannot be read)".

Regards
Dimon
__________________

Alt 05.09.2012, 15:53   #4
Psychotic
/// Malwareteam
 



Did you run the program via right-click --> Run as administrator?
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


Alt 05.09.2012, 16:42   #5
Dimon
 



Yes, I did.

I intended to edit my last post, but that did not work because it was posted a while ago.
What I want to say:

I am fairly sure that I started it as admin before as well.
I tried it again and this time it worked.

Here are the results.

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-05 18:09:37
-----------------------------
18:09:37.980    OS Version: Windows x64 6.1.7601 Service Pack 1
18:09:37.980    Number of processors: 8 586 0x2A07
18:09:37.980    ComputerName: YEAH-PC  UserName: Hitless
18:09:39.088    Initialize success
18:09:45.172    AVAST engine defs: 12090501
18:09:48.026    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:09:48.026    Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
18:09:48.073    Disk 0 MBR read successfully
18:09:48.073    Disk 0 MBR scan
18:09:48.073    Disk 0 Windows 7 default MBR code
18:09:48.073    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:09:48.089    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       514194 MB offset 206848
18:09:48.089    Disk 0 Partition - 00     0F Extended LBA            200001 MB offset 1053276160
18:09:48.120    Disk 0 Partition 3 00     12  Compaq diag NTFS         1108 MB offset 1462878272
18:09:48.151    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       200000 MB offset 1053278208
18:09:48.151    Disk 0 scanning C:\Windows\system32\drivers
18:09:58.478    Service scanning
18:10:31.238    Modules scanning
18:10:31.238    Disk 0 trace - called modules:
18:10:31.285    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:10:31.285    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096a6790]
18:10:31.285    3 CLASSPNP.SYS[fffff88001bcc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007887050]
18:10:32.954    AVAST engine scan C:\Windows
18:10:35.638    AVAST engine scan C:\Windows\system32
18:14:11.306    AVAST engine scan C:\Windows\system32\drivers
18:14:23.411    AVAST engine scan C:\Users\Hitless
18:19:07.956    AVAST engine scan C:\ProgramData
18:19:58.625    Scan finished successfully
18:20:34.973    Disk 0 MBR has been saved successfully to "C:\Users\Hitless\Desktop\MBR.dat"
18:20:34.988    The log file has been saved successfully to "C:\Users\Hitless\Desktop\aswMBR.txt"
         
tdsskiller:

Code:
ATTFilter
18:21:39.0462 1124  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:21:39.0478 1124  ============================================================
18:21:39.0478 1124  Current date / time: 2012/09/05 18:21:39.0478
18:21:39.0478 1124  SystemInfo:
18:21:39.0478 1124  
18:21:39.0478 1124  OS Version: 6.1.7601 ServicePack: 1.0
18:21:39.0478 1124  Product type: Workstation
18:21:39.0478 1124  ComputerName: YEAH-PC
18:21:39.0478 1124  UserName: Hitless
18:21:39.0478 1124  Windows directory: C:\Windows
18:21:39.0478 1124  System windows directory: C:\Windows
18:21:39.0478 1124  Running under WOW64
18:21:39.0478 1124  Processor architecture: Intel x64
18:21:39.0478 1124  Number of processors: 8
18:21:39.0478 1124  Page size: 0x1000
18:21:39.0478 1124  Boot type: Normal boot
18:21:39.0478 1124  ============================================================
18:21:39.0915 1124  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:21:39.0930 1124  ============================================================
18:21:39.0930 1124  \Device\Harddisk0\DR0:
18:21:39.0930 1124  MBR partitions:
18:21:39.0930 1124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:21:39.0930 1124  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3EC49000
18:21:39.0962 1124  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3EC7C000, BlocksNum 0x186A0000
18:21:39.0962 1124  ============================================================
18:21:40.0008 1124  C: <-> \Device\Harddisk0\DR0\Partition2
18:21:40.0055 1124  D: <-> \Device\Harddisk0\DR0\Partition3
18:21:40.0055 1124  ============================================================
18:21:40.0055 1124  Initialize success
18:21:40.0055 1124  ============================================================
18:22:16.0840 4780  ============================================================
18:22:16.0840 4780  Scan started
18:22:16.0840 4780  Mode: Manual; TDLFS; 
18:22:16.0840 4780  ============================================================
18:22:17.0168 4780  ================ Scan system memory ========================
18:22:17.0168 4780  System memory - ok
18:22:17.0168 4780  ================ Scan services =============================
18:22:17.0370 4780  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:22:17.0386 4780  1394ohci - ok
18:22:17.0417 4780  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:22:17.0433 4780  ACPI - ok
18:22:17.0464 4780  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:22:17.0464 4780  AcpiPmi - ok
18:22:17.0511 4780  [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
18:22:17.0511 4780  ACPIVPC - ok
18:22:17.0698 4780  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:22:17.0698 4780  AdobeFlashPlayerUpdateSvc - ok
18:22:17.0745 4780  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:22:17.0760 4780  adp94xx - ok
18:22:17.0776 4780  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:22:17.0776 4780  adpahci - ok
18:22:17.0792 4780  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:22:17.0792 4780  adpu320 - ok
18:22:17.0823 4780  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:22:17.0823 4780  AeLookupSvc - ok
18:22:17.0854 4780  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:22:17.0870 4780  AFD - ok
18:22:17.0916 4780  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:22:17.0916 4780  agp440 - ok
18:22:17.0916 4780  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:22:17.0916 4780  ALG - ok
18:22:17.0932 4780  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:22:17.0932 4780  aliide - ok
18:22:17.0948 4780  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:22:17.0948 4780  amdide - ok
18:22:17.0963 4780  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:22:17.0963 4780  AmdK8 - ok
18:22:17.0979 4780  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:22:17.0979 4780  AmdPPM - ok
18:22:18.0010 4780  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:22:18.0010 4780  amdsata - ok
18:22:18.0041 4780  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:22:18.0041 4780  amdsbs - ok
18:22:18.0057 4780  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:22:18.0057 4780  amdxata - ok
18:22:18.0150 4780  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:22:18.0150 4780  AntiVirSchedulerService - ok
18:22:18.0197 4780  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:22:18.0197 4780  AntiVirService - ok
18:22:18.0228 4780  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:22:18.0244 4780  AppID - ok
18:22:18.0260 4780  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:22:18.0260 4780  AppIDSvc - ok
18:22:18.0275 4780  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:22:18.0291 4780  Appinfo - ok
18:22:18.0338 4780  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:22:18.0338 4780  AppMgmt - ok
18:22:18.0353 4780  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:22:18.0353 4780  arc - ok
18:22:18.0369 4780  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:22:18.0369 4780  arcsas - ok
18:22:18.0478 4780  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:22:18.0478 4780  aspnet_state - ok
18:22:18.0509 4780  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:18.0509 4780  AsyncMac - ok
18:22:18.0572 4780  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:22:18.0572 4780  atapi - ok
18:22:18.0618 4780  [ 64F07381335E37C142F6D176705FFCA6 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
18:22:18.0634 4780  atksgt - ok
18:22:18.0681 4780  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:22:18.0681 4780  AudioEndpointBuilder - ok
18:22:18.0696 4780  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:22:18.0696 4780  AudioSrv - ok
18:22:18.0743 4780  [ 3016E1ABE80000A260FF690A0375823D ] AVerPola        C:\Windows\system32\DRIVERS\AVerPola.sys
18:22:18.0743 4780  AVerPola - ok
18:22:18.0774 4780  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:22:18.0774 4780  avgntflt - ok
18:22:18.0790 4780  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:22:18.0790 4780  avipbb - ok
18:22:18.0806 4780  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:22:18.0806 4780  avkmgr - ok
18:22:18.0821 4780  [ 47CD6343EC5859882A4A1353956B8933 ] AVPolDIR        C:\Windows\system32\DRIVERS\AVPolDIR.sys
18:22:18.0821 4780  AVPolDIR - ok
18:22:18.0852 4780  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:22:18.0852 4780  AxInstSV - ok
18:22:18.0899 4780  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:22:18.0899 4780  b06bdrv - ok
18:22:18.0946 4780  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:18.0946 4780  b57nd60a - ok
18:22:19.0071 4780  [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
18:22:19.0086 4780  BCM43XX - ok
18:22:19.0180 4780  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:22:19.0196 4780  BDESVC - ok
18:22:19.0211 4780  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:22:19.0211 4780  Beep - ok
18:22:19.0258 4780  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:22:19.0258 4780  BFE - ok
18:22:19.0289 4780  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:22:19.0305 4780  BITS - ok
18:22:19.0320 4780  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:19.0320 4780  blbdrive - ok
18:22:19.0336 4780  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:22:19.0352 4780  bowser - ok
18:22:19.0383 4780  [ B19ABB2DC3B769EC55B3B722AA40244E ] bpenum          C:\Windows\system32\DRIVERS\bpenum.sys
18:22:19.0383 4780  bpenum - ok
18:22:19.0414 4780  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:22:19.0414 4780  BrFiltLo - ok
18:22:19.0414 4780  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:22:19.0414 4780  BrFiltUp - ok
18:22:19.0476 4780  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:22:19.0476 4780  Browser - ok
18:22:19.0492 4780  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:22:19.0492 4780  Brserid - ok
18:22:19.0508 4780  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:19.0508 4780  BrSerWdm - ok
18:22:19.0508 4780  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:19.0508 4780  BrUsbMdm - ok
18:22:19.0508 4780  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:19.0508 4780  BrUsbSer - ok
18:22:19.0554 4780  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:22:19.0554 4780  BthEnum - ok
18:22:19.0554 4780  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:22:19.0554 4780  BTHMODEM - ok
18:22:19.0601 4780  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:22:19.0601 4780  BthPan - ok
18:22:19.0648 4780  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:22:19.0664 4780  BTHPORT - ok
18:22:19.0695 4780  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:22:19.0695 4780  bthserv - ok
18:22:19.0742 4780  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:22:19.0742 4780  BTHUSB - ok
18:22:19.0773 4780  [ F8CFAFBD5BF8B3DDB0D3C2943A5AF8CE ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
18:22:19.0773 4780  BTWAMPFL - ok
18:22:19.0788 4780  [ 44770A3C07EBD5D6D7CD7DBA915B49BC ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:22:19.0788 4780  btwaudio - ok
18:22:19.0804 4780  [ 75B59923087AE6EB064D13D8F58A02B6 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
18:22:19.0820 4780  btwavdt - ok
18:22:19.0882 4780  [ E1C1BCC8211E3AE2B524DEEF071FAF2A ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
18:22:19.0882 4780  btwdins - ok
18:22:19.0898 4780  [ E06FE51893B481A200214760C0DE2621 ] BTWDPAN         C:\Windows\system32\DRIVERS\btwdpan.sys
18:22:19.0898 4780  BTWDPAN - ok
18:22:19.0913 4780  [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:22:19.0913 4780  btwl2cap - ok
18:22:19.0929 4780  [ 9555E15F828760341751E9183BD34E60 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:22:19.0929 4780  btwrchid - ok
18:22:19.0960 4780  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:22:19.0960 4780  cdfs - ok
18:22:20.0022 4780  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:22:20.0022 4780  cdrom - ok
18:22:20.0054 4780  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:22:20.0054 4780  CertPropSvc - ok
18:22:20.0085 4780  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:22:20.0085 4780  circlass - ok
18:22:20.0116 4780  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:22:20.0116 4780  CLFS - ok
18:22:20.0178 4780  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:22:20.0178 4780  clr_optimization_v2.0.50727_32 - ok
18:22:20.0210 4780  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:22:20.0225 4780  clr_optimization_v2.0.50727_64 - ok
18:22:20.0303 4780  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:22:20.0303 4780  clr_optimization_v4.0.30319_32 - ok
18:22:20.0334 4780  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:22:20.0334 4780  clr_optimization_v4.0.30319_64 - ok
18:22:20.0366 4780  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:20.0366 4780  CmBatt - ok
18:22:20.0397 4780  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:22:20.0397 4780  cmdide - ok
18:22:20.0444 4780  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:22:20.0444 4780  CNG - ok
18:22:20.0459 4780  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:22:20.0475 4780  Compbatt - ok
18:22:20.0506 4780  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:22:20.0522 4780  CompositeBus - ok
18:22:20.0522 4780  COMSysApp - ok
18:22:20.0600 4780  [ C08063F052308B6F5882482615387F30 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
18:22:20.0600 4780  cpuz135 - ok
18:22:20.0615 4780  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:22:20.0615 4780  crcdisk - ok
18:22:20.0662 4780  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:22:20.0662 4780  CryptSvc - ok
18:22:20.0693 4780  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:22:20.0709 4780  CSC - ok
18:22:20.0740 4780  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:22:20.0756 4780  CscService - ok
18:22:20.0787 4780  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:22:20.0787 4780  DcomLaunch - ok
18:22:20.0818 4780  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:22:20.0818 4780  defragsvc - ok
18:22:20.0849 4780  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:22:20.0849 4780  DfsC - ok
18:22:20.0880 4780  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:22:20.0880 4780  Dhcp - ok
18:22:20.0912 4780  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:22:20.0912 4780  discache - ok
18:22:20.0943 4780  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:22:20.0943 4780  Disk - ok
18:22:20.0990 4780  [ E0CC5023D01DE5304C6D3CF5262D9B10 ] DMAgent         C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
18:22:21.0005 4780  DMAgent - ok
18:22:21.0052 4780  [ BA3CCE7BC1A0D81065617EBEC4845F5B ] Dnscache        C:\Windows\System32\pouawxp0u.dll
18:22:21.0052 4780  Dnscache - ok
18:22:21.0083 4780  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:22:21.0083 4780  dot3svc - ok
18:22:21.0114 4780  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:22:21.0114 4780  DPS - ok
18:22:21.0146 4780  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:22:21.0146 4780  drmkaud - ok
18:22:21.0192 4780  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:22:21.0192 4780  dtsoftbus01 - ok
18:22:21.0224 4780  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:22:21.0239 4780  DXGKrnl - ok
18:22:21.0270 4780  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:22:21.0270 4780  EapHost - ok
18:22:21.0348 4780  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:22:21.0395 4780  ebdrv - ok
18:22:21.0442 4780  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:22:21.0442 4780  EFS - ok
18:22:21.0504 4780  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:22:21.0520 4780  ehRecvr - ok
18:22:21.0536 4780  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:22:21.0536 4780  ehSched - ok
18:22:21.0567 4780  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:22:21.0582 4780  elxstor - ok
18:22:21.0598 4780  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:22:21.0598 4780  ErrDev - ok
18:22:21.0629 4780  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:22:21.0629 4780  EventSystem - ok
18:22:21.0707 4780  [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:22:21.0738 4780  EvtEng - ok
18:22:21.0770 4780  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:22:21.0770 4780  exfat - ok
18:22:21.0785 4780  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:22:21.0785 4780  fastfat - ok
18:22:21.0832 4780  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:22:21.0848 4780  Fax - ok
18:22:21.0848 4780  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:22:21.0848 4780  fdc - ok
18:22:21.0863 4780  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:22:21.0863 4780  fdPHost - ok
18:22:21.0879 4780  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:22:21.0879 4780  FDResPub - ok
18:22:21.0894 4780  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:22:21.0894 4780  FileInfo - ok
18:22:21.0910 4780  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:22:21.0910 4780  Filetrace - ok
18:22:21.0910 4780  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:21.0910 4780  flpydisk - ok
18:22:21.0926 4780  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:22:21.0926 4780  FltMgr - ok
18:22:21.0972 4780  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:22:21.0988 4780  FontCache - ok
18:22:22.0035 4780  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:22:22.0035 4780  FontCache3.0.0.0 - ok
18:22:22.0066 4780  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:22:22.0066 4780  FsDepends - ok
18:22:22.0097 4780  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:22:22.0097 4780  Fs_Rec - ok
18:22:22.0175 4780  [ 0D015D3584704EC814A58276232F143B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:22:22.0175 4780  Futuremark SystemInfo Service - ok
18:22:22.0191 4780  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:22:22.0191 4780  fvevol - ok
18:22:22.0222 4780  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:22:22.0222 4780  gagp30kx - ok
18:22:22.0238 4780  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:22:22.0253 4780  gpsvc - ok
18:22:22.0456 4780  GPU-Z - ok
18:22:22.0565 4780  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:22:22.0565 4780  gupdate - ok
18:22:22.0612 4780  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:22:22.0612 4780  gupdatem - ok
18:22:22.0752 4780  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
18:22:22.0752 4780  hamachi - ok
18:22:22.0784 4780  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:22:22.0784 4780  hcw85cir - ok
18:22:22.0846 4780  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:22:22.0846 4780  HdAudAddService - ok
18:22:22.0877 4780  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:22:22.0893 4780  HDAudBus - ok
18:22:22.0893 4780  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:22:22.0893 4780  HidBatt - ok
18:22:22.0908 4780  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:22:22.0908 4780  HidBth - ok
18:22:22.0924 4780  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:22:22.0924 4780  HidIr - ok
18:22:22.0955 4780  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:22:22.0955 4780  hidserv - ok
18:22:23.0002 4780  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:22:23.0002 4780  HidUsb - ok
18:22:23.0033 4780  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:22:23.0033 4780  hkmsvc - ok
18:22:23.0064 4780  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:22:23.0064 4780  HomeGroupListener - ok
18:22:23.0096 4780  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:22:23.0096 4780  HomeGroupProvider - ok
18:22:23.0127 4780  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:22:23.0127 4780  HpSAMD - ok
18:22:23.0174 4780  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:22:23.0189 4780  HTTP - ok
18:22:23.0205 4780  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:22:23.0205 4780  hwpolicy - ok
18:22:23.0252 4780  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:22:23.0252 4780  i8042prt - ok
18:22:23.0283 4780  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:22:23.0283 4780  iaStor - ok
18:22:23.0361 4780  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:22:23.0376 4780  IAStorDataMgrSvc - ok
18:22:23.0408 4780  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:22:23.0423 4780  iaStorV - ok
18:22:23.0501 4780  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:22:23.0517 4780  idsvc - ok
18:22:23.0735 4780  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:22:23.0938 4780  igfx - ok
18:22:23.0969 4780  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:22:23.0969 4780  iirsp - ok
18:22:24.0000 4780  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:22:24.0016 4780  IKEEXT - ok
18:22:24.0078 4780  [ 1CE438B31551746AB450D8FFA403BDB5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:22:24.0094 4780  IntcAzAudAddService - ok
18:22:24.0141 4780  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:22:24.0156 4780  IntcDAud - ok
18:22:24.0188 4780  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:22:24.0188 4780  intelide - ok
18:22:24.0219 4780  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:22:24.0219 4780  intelppm - ok
18:22:24.0250 4780  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:22:24.0250 4780  IPBusEnum - ok
18:22:24.0281 4780  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:24.0281 4780  IpFilterDriver - ok
18:22:24.0328 4780  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:22:24.0344 4780  iphlpsvc - ok
18:22:24.0375 4780  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:22:24.0375 4780  IPMIDRV - ok
18:22:24.0406 4780  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:22:24.0406 4780  IPNAT - ok
18:22:24.0437 4780  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:22:24.0437 4780  IRENUM - ok
18:22:24.0484 4780  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:22:24.0484 4780  isapnp - ok
18:22:24.0515 4780  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:22:24.0531 4780  iScsiPrt - ok
18:22:24.0578 4780  [ E56417C56B6A7316B6F527C890A1860D ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
18:22:24.0578 4780  JMCR - ok
18:22:24.0593 4780  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
18:22:24.0609 4780  k57nd60a - ok
18:22:24.0624 4780  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:24.0624 4780  kbdclass - ok
18:22:24.0640 4780  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:24.0640 4780  kbdhid - ok
18:22:24.0671 4780  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:22:24.0671 4780  KeyIso - ok
18:22:24.0702 4780  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:22:24.0702 4780  KSecDD - ok
18:22:24.0749 4780  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:22:24.0749 4780  KSecPkg - ok
18:22:24.0765 4780  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:22:24.0765 4780  ksthunk - ok
18:22:24.0796 4780  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:22:24.0796 4780  KtmRm - ok
18:22:24.0843 4780  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:22:24.0843 4780  LanmanServer - ok
18:22:24.0874 4780  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:22:24.0874 4780  LanmanWorkstation - ok
18:22:24.0999 4780  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:22:24.0999 4780  LBTServ - ok
18:22:25.0046 4780  [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
18:22:25.0046 4780  LEqdUsb - ok
18:22:25.0077 4780  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
18:22:25.0077 4780  LHDmgr - ok
18:22:25.0092 4780  [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
18:22:25.0092 4780  LHidEqd - ok
18:22:25.0108 4780  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:22:25.0108 4780  LHidFilt - ok
18:22:25.0155 4780  [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
18:22:25.0155 4780  lirsgt - ok
18:22:25.0170 4780  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:22:25.0170 4780  lltdio - ok
18:22:25.0202 4780  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:22:25.0202 4780  lltdsvc - ok
18:22:25.0233 4780  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:22:25.0233 4780  lmhosts - ok
18:22:25.0264 4780  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:22:25.0264 4780  LMouFilt - ok
18:22:25.0295 4780  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:22:25.0295 4780  LMS - ok
18:22:25.0342 4780  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:22:25.0342 4780  LSI_FC - ok
18:22:25.0358 4780  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:22:25.0358 4780  LSI_SAS - ok
18:22:25.0358 4780  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:22:25.0373 4780  LSI_SAS2 - ok
18:22:25.0389 4780  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:22:25.0389 4780  LSI_SCSI - ok
18:22:25.0404 4780  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:22:25.0404 4780  luafv - ok
18:22:25.0482 4780  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:22:25.0482 4780  MBAMProtector - ok
18:22:25.0545 4780  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:22:25.0545 4780  MBAMService - ok
18:22:25.0576 4780  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:22:25.0576 4780  Mcx2Svc - ok
18:22:25.0607 4780  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:22:25.0607 4780  megasas - ok
18:22:25.0638 4780  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:22:25.0638 4780  MegaSR - ok
18:22:25.0670 4780  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:22:25.0670 4780  MEIx64 - ok
18:22:25.0701 4780  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:22:25.0701 4780  MMCSS - ok
18:22:25.0716 4780  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:22:25.0716 4780  Modem - ok
18:22:25.0732 4780  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:22:25.0732 4780  monitor - ok
18:22:25.0779 4780  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:22:25.0779 4780  mouclass - ok
18:22:25.0794 4780  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:22:25.0794 4780  mouhid - ok
18:22:25.0826 4780  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:22:25.0826 4780  mountmgr - ok
18:22:25.0919 4780  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:22:25.0919 4780  MozillaMaintenance - ok
18:22:25.0966 4780  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:22:25.0966 4780  mpio - ok
18:22:25.0966 4780  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:22:25.0966 4780  mpsdrv - ok
18:22:26.0013 4780  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:22:26.0013 4780  MpsSvc - ok
18:22:26.0044 4780  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:22:26.0060 4780  MRxDAV - ok
18:22:26.0091 4780  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:26.0091 4780  mrxsmb - ok
18:22:26.0122 4780  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:26.0122 4780  mrxsmb10 - ok
18:22:26.0138 4780  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:26.0138 4780  mrxsmb20 - ok
18:22:26.0169 4780  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:22:26.0184 4780  msahci - ok
18:22:26.0200 4780  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:22:26.0200 4780  msdsm - ok
18:22:26.0216 4780  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:22:26.0216 4780  MSDTC - ok
18:22:26.0247 4780  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:22:26.0247 4780  Msfs - ok
18:22:26.0262 4780  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:22:26.0262 4780  mshidkmdf - ok
18:22:26.0278 4780  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:22:26.0278 4780  msisadrv - ok
18:22:26.0309 4780  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:22:26.0309 4780  MSiSCSI - ok
18:22:26.0309 4780  msiserver - ok
18:22:26.0340 4780  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:22:26.0340 4780  MSKSSRV - ok
18:22:26.0356 4780  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:26.0356 4780  MSPCLOCK - ok
18:22:26.0372 4780  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:22:26.0372 4780  MSPQM - ok
18:22:26.0403 4780  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:22:26.0403 4780  MsRPC - ok
18:22:26.0450 4780  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:22:26.0450 4780  mssmbios - ok
18:22:26.0512 4780  MSSQL$SQLEXPRESS - ok
18:22:26.0590 4780  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:22:26.0590 4780  MSSQLServerADHelper100 - ok
18:22:26.0606 4780  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:22:26.0606 4780  MSTEE - ok
18:22:26.0606 4780  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:22:26.0606 4780  MTConfig - ok
18:22:26.0621 4780  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:22:26.0621 4780  Mup - ok
18:22:26.0668 4780  [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:22:26.0684 4780  MyWiFiDHCPDNS - ok
18:22:26.0715 4780  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:22:26.0730 4780  napagent - ok
18:22:26.0762 4780  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:22:26.0762 4780  NativeWifiP - ok
18:22:26.0793 4780  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:22:26.0793 4780  NDIS - ok
18:22:26.0808 4780  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:26.0808 4780  NdisCap - ok
18:22:26.0824 4780  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:26.0824 4780  NdisTapi - ok
18:22:26.0855 4780  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:26.0855 4780  Ndisuio - ok
18:22:26.0871 4780  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:26.0886 4780  NdisWan - ok
18:22:26.0902 4780  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:22:26.0902 4780  NDProxy - ok
18:22:26.0918 4780  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:22:26.0918 4780  NetBIOS - ok
18:22:26.0933 4780  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:22:26.0949 4780  NetBT - ok
18:22:26.0980 4780  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:22:26.0980 4780  Netlogon - ok
18:22:27.0011 4780  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:22:27.0011 4780  Netman - ok
18:22:27.0089 4780  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:27.0089 4780  NetMsmqActivator - ok
18:22:27.0089 4780  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:27.0089 4780  NetPipeActivator - ok
18:22:27.0105 4780  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:22:27.0105 4780  netprofm - ok
18:22:27.0105 4780  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:27.0105 4780  NetTcpActivator - ok
18:22:27.0105 4780  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:27.0105 4780  NetTcpPortSharing - ok
18:22:27.0136 4780  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:22:27.0136 4780  nfrd960 - ok
18:22:27.0183 4780  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:22:27.0198 4780  NlaSvc - ok
18:22:27.0261 4780  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
18:22:27.0261 4780  nmwcd - ok
18:22:27.0308 4780  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
18:22:27.0308 4780  nmwcdc - ok
18:22:27.0323 4780  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:22:27.0323 4780  Npfs - ok
18:22:27.0354 4780  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:22:27.0354 4780  nsi - ok
18:22:27.0370 4780  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:22:27.0370 4780  nsiproxy - ok
18:22:27.0432 4780  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:22:27.0464 4780  Ntfs - ok
18:22:27.0479 4780  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:22:27.0479 4780  Null - ok
18:22:27.0510 4780  [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:22:27.0510 4780  nusb3hub - ok
18:22:27.0526 4780  [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:22:27.0526 4780  nusb3xhc - ok
18:22:27.0791 4780  [ CBF698ABE989D60EC0D0B6B81AD82930 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:22:27.0869 4780  nvlddmkm - ok
18:22:27.0885 4780  [ 15A5E8C29FAA7BB15C6B625D44F5EA7F ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
18:22:27.0885 4780  nvpciflt - ok
18:22:27.0932 4780  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:22:27.0932 4780  nvraid - ok
18:22:27.0963 4780  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:22:27.0963 4780  nvstor - ok
18:22:28.0025 4780  [ CCE27B95D1AE8128A7E0CEE0FC9AE535 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:22:28.0056 4780  NVSvc - ok
18:22:28.0134 4780  [ D4F624D918686491E1B1AFAF1901F457 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:22:28.0150 4780  nvUpdatusService - ok
18:22:28.0197 4780  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:22:28.0212 4780  nv_agp - ok
18:22:28.0244 4780  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:22:28.0244 4780  ohci1394 - ok
18:22:28.0275 4780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:22:28.0275 4780  p2pimsvc - ok
18:22:28.0306 4780  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:22:28.0322 4780  p2psvc - ok
18:22:28.0353 4780  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:22:28.0353 4780  Parport - ok
18:22:28.0368 4780  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:22:28.0384 4780  partmgr - ok
18:22:28.0400 4780  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:22:28.0400 4780  PcaSvc - ok
18:22:28.0446 4780  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
18:22:28.0446 4780  pccsmcfd - ok
18:22:28.0493 4780  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:22:28.0493 4780  pci - ok
18:22:28.0524 4780  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:22:28.0524 4780  pciide - ok
18:22:28.0556 4780  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:28.0556 4780  pcmcia - ok
18:22:28.0571 4780  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:22:28.0571 4780  pcw - ok
18:22:28.0602 4780  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:22:28.0602 4780  PEAUTH - ok
18:22:28.0680 4780  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:22:28.0712 4780  PeerDistSvc - ok
18:22:28.0852 4780  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:22:28.0868 4780  PerfHost - ok
18:22:28.0914 4780  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:22:28.0946 4780  pla - ok
18:22:28.0992 4780  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:22:29.0008 4780  PlugPlay - ok
18:22:29.0024 4780  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:22:29.0024 4780  PNRPAutoReg - ok
18:22:29.0039 4780  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:22:29.0039 4780  PNRPsvc - ok
18:22:29.0055 4780  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:22:29.0070 4780  PolicyAgent - ok
18:22:29.0102 4780  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:22:29.0102 4780  Power - ok
18:22:29.0148 4780  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:22:29.0148 4780  PptpMiniport - ok
18:22:29.0180 4780  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:22:29.0180 4780  Processor - ok
18:22:29.0211 4780  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:22:29.0211 4780  ProfSvc - ok
18:22:29.0211 4780  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:22:29.0211 4780  ProtectedStorage - ok
18:22:29.0242 4780  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:22:29.0258 4780  Psched - ok
18:22:29.0289 4780  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:22:29.0336 4780  ql2300 - ok
18:22:29.0351 4780  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:22:29.0351 4780  ql40xx - ok
18:22:29.0367 4780  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:22:29.0367 4780  QWAVE - ok
18:22:29.0398 4780  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:22:29.0398 4780  QWAVEdrv - ok
18:22:29.0414 4780  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:22:29.0414 4780  RasAcd - ok
18:22:29.0445 4780  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:29.0445 4780  RasAgileVpn - ok
18:22:29.0460 4780  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:22:29.0460 4780  RasAuto - ok
18:22:29.0492 4780  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:29.0492 4780  Rasl2tp - ok
18:22:29.0507 4780  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:22:29.0523 4780  RasMan - ok
18:22:29.0538 4780  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:29.0538 4780  RasPppoe - ok
18:22:29.0554 4780  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:22:29.0554 4780  RasSstp - ok
18:22:29.0570 4780  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:22:29.0585 4780  rdbss - ok
18:22:29.0585 4780  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:22:29.0585 4780  rdpbus - ok
18:22:29.0616 4780  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:29.0616 4780  RDPCDD - ok
18:22:29.0648 4780  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:22:29.0648 4780  RDPDR - ok
18:22:29.0679 4780  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:22:29.0679 4780  RDPENCDD - ok
18:22:29.0679 4780  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:22:29.0679 4780  RDPREFMP - ok
18:22:29.0710 4780  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:22:29.0710 4780  RDPWD - ok
18:22:29.0757 4780  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:22:29.0757 4780  rdyboost - ok
18:22:29.0819 4780  [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:22:29.0819 4780  RegSrvc - ok
18:22:29.0835 4780  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:22:29.0850 4780  RemoteAccess - ok
18:22:29.0882 4780  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:22:29.0882 4780  RemoteRegistry - ok
18:22:29.0913 4780  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:22:29.0913 4780  RFCOMM - ok
18:22:29.0928 4780  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:22:29.0944 4780  RpcEptMapper - ok
18:22:29.0960 4780  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:22:29.0960 4780  RpcLocator - ok
18:22:29.0991 4780  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:22:30.0006 4780  RpcSs - ok
18:22:30.0100 4780  [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
18:22:30.0100 4780  RsFx0103 - ok
18:22:30.0131 4780  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:22:30.0147 4780  rspndr - ok
18:22:30.0303 4780  [ 558B39BE7C496AC49E27DEDCFAB13A54 ] rtsuvc          C:\Windows\system32\DRIVERS\rtsuvc.sys
18:22:30.0350 4780  rtsuvc - ok
18:22:30.0396 4780  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:22:30.0396 4780  s3cap - ok
18:22:30.0412 4780  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:22:30.0412 4780  SamSs - ok
18:22:30.0443 4780  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:22:30.0443 4780  sbp2port - ok
18:22:30.0474 4780  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:22:30.0474 4780  SCardSvr - ok
18:22:30.0506 4780  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:22:30.0506 4780  scfilter - ok
18:22:30.0537 4780  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:22:30.0568 4780  Schedule - ok
18:22:30.0584 4780  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:22:30.0584 4780  SCPolicySvc - ok
18:22:30.0646 4780  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:22:30.0646 4780  sdbus - ok
18:22:30.0662 4780  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:22:30.0677 4780  SDRSVC - ok
18:22:30.0708 4780  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:22:30.0708 4780  secdrv - ok
18:22:30.0740 4780  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:22:30.0755 4780  seclogon - ok
18:22:30.0771 4780  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:22:30.0771 4780  SENS - ok
18:22:30.0786 4780  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:22:30.0786 4780  SensrSvc - ok
18:22:30.0802 4780  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:22:30.0802 4780  Serenum - ok
18:22:30.0833 4780  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:22:30.0833 4780  Serial - ok
18:22:30.0880 4780  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:22:30.0880 4780  sermouse - ok
18:22:30.0958 4780  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:22:30.0958 4780  ServiceLayer - ok
18:22:30.0989 4780  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:22:30.0989 4780  SessionEnv - ok
18:22:31.0020 4780  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:22:31.0020 4780  sffdisk - ok
18:22:31.0036 4780  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:22:31.0036 4780  sffp_mmc - ok
18:22:31.0067 4780  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:22:31.0067 4780  sffp_sd - ok
18:22:31.0083 4780  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:31.0083 4780  sfloppy - ok
18:22:31.0130 4780  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:22:31.0130 4780  SharedAccess - ok
18:22:31.0161 4780  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:22:31.0176 4780  ShellHWDetection - ok
18:22:31.0192 4780  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:22:31.0192 4780  SiSRaid2 - ok
18:22:31.0223 4780  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:22:31.0223 4780  SiSRaid4 - ok
18:22:31.0410 4780  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:22:31.0457 4780  Skype C2C Service - ok
18:22:31.0535 4780  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:22:31.0535 4780  SkypeUpdate - ok
18:22:31.0582 4780  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:22:31.0582 4780  Smb - ok
18:22:31.0629 4780  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:22:31.0629 4780  SNMPTRAP - ok
18:22:31.0644 4780  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:22:31.0644 4780  spldr - ok
18:22:31.0676 4780  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:22:31.0691 4780  Spooler - ok
18:22:31.0769 4780  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:22:31.0785 4780  sppsvc - ok
18:22:31.0800 4780  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:22:31.0816 4780  sppuinotify - ok
18:22:31.0894 4780  [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:22:31.0910 4780  SQLAgent$SQLEXPRESS - ok
18:22:31.0956 4780  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:22:31.0956 4780  SQLBrowser - ok
18:22:31.0988 4780  [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:22:31.0988 4780  SQLWriter - ok
18:22:32.0019 4780  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:22:32.0019 4780  srv - ok
18:22:32.0034 4780  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:22:32.0034 4780  srv2 - ok
18:22:32.0050 4780  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:22:32.0066 4780  srvnet - ok
18:22:32.0081 4780  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:22:32.0081 4780  SSDPSRV - ok
18:22:32.0112 4780  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:22:32.0112 4780  SstpSvc - ok
18:22:32.0159 4780  Steam Client Service - ok
18:22:32.0190 4780  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:22:32.0190 4780  stexstor - ok
18:22:32.0237 4780  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:22:32.0253 4780  stisvc - ok
18:22:32.0284 4780  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:22:32.0284 4780  storflt - ok
18:22:32.0315 4780  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:22:32.0315 4780  StorSvc - ok
18:22:32.0331 4780  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:22:32.0331 4780  storvsc - ok
18:22:32.0362 4780  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:22:32.0378 4780  swenum - ok
18:22:32.0409 4780  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:22:32.0409 4780  swprv - ok
18:22:32.0456 4780  [ 0CF653915EF33C2B6A98C7EF2F231D56 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:22:32.0471 4780  SynTP - ok
18:22:32.0518 4780  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:22:32.0549 4780  SysMain - ok
18:22:32.0565 4780  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:22:32.0565 4780  TabletInputService - ok
18:22:32.0580 4780  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:22:32.0580 4780  TapiSrv - ok
18:22:32.0612 4780  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:22:32.0612 4780  TBS - ok
18:22:32.0674 4780  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:22:32.0705 4780  Tcpip - ok
18:22:32.0752 4780  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:22:32.0768 4780  TCPIP6 - ok
18:22:32.0799 4780  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:22:32.0799 4780  tcpipreg - ok
18:22:32.0814 4780  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:22:32.0830 4780  TDPIPE - ok
18:22:32.0846 4780  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:22:32.0861 4780  TDTCP - ok
18:22:32.0877 4780  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:22:32.0877 4780  tdx - ok
18:22:32.0924 4780  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:22:32.0924 4780  TermDD - ok
18:22:32.0955 4780  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:22:32.0955 4780  TermService - ok
18:22:32.0986 4780  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:22:32.0986 4780  Themes - ok
18:22:33.0033 4780  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:22:33.0033 4780  THREADORDER - ok
18:22:33.0048 4780  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:22:33.0048 4780  TrkWks - ok
18:22:33.0095 4780  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:22:33.0095 4780  TrustedInstaller - ok
18:22:33.0111 4780  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:33.0111 4780  tssecsrv - ok
18:22:33.0142 4780  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:22:33.0142 4780  TsUsbFlt - ok
18:22:33.0173 4780  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:22:33.0173 4780  tunnel - ok
18:22:33.0204 4780  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:22:33.0204 4780  uagp35 - ok
18:22:33.0220 4780  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:22:33.0220 4780  udfs - ok
18:22:33.0267 4780  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:22:33.0267 4780  UI0Detect - ok
18:22:33.0282 4780  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:22:33.0298 4780  uliagpkx - ok
18:22:33.0345 4780  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
18:22:33.0345 4780  umbus - ok
18:22:33.0360 4780  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:22:33.0360 4780  UmPass - ok
18:22:33.0392 4780  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:22:33.0392 4780  UmRdpService - ok
18:22:33.0485 4780  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:22:33.0501 4780  UNS - ok
18:22:33.0516 4780  Update-Service - ok
18:22:33.0548 4780  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:22:33.0548 4780  upnphost - ok
18:22:33.0610 4780  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:22:33.0610 4780  upperdev - ok
18:22:33.0657 4780  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:33.0657 4780  usbccgp - ok
18:22:33.0704 4780  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:22:33.0704 4780  usbcir - ok
18:22:33.0719 4780  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:22:33.0719 4780  usbehci - ok
18:22:33.0750 4780  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:22:33.0766 4780  usbhub - ok
18:22:33.0813 4780  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:22:33.0813 4780  usbohci - ok
18:22:33.0844 4780  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:22:33.0844 4780  usbprint - ok
18:22:33.0891 4780  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
18:22:33.0891 4780  usbser - ok
18:22:33.0906 4780  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
18:22:33.0906 4780  UsbserFilt - ok
18:22:33.0906 4780  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:33.0906 4780  USBSTOR - ok
18:22:33.0922 4780  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:22:33.0922 4780  usbuhci - ok
18:22:33.0984 4780  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:22:33.0984 4780  usbvideo - ok
18:22:34.0016 4780  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:22:34.0016 4780  UxSms - ok
18:22:34.0031 4780  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:22:34.0031 4780  VaultSvc - ok
18:22:34.0062 4780  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:22:34.0062 4780  vdrvroot - ok
18:22:34.0094 4780  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:22:34.0109 4780  vds - ok
18:22:34.0125 4780  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:34.0125 4780  vga - ok
18:22:34.0140 4780  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:22:34.0140 4780  VgaSave - ok
18:22:34.0156 4780  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:22:34.0172 4780  vhdmp - ok
18:22:34.0203 4780  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:22:34.0203 4780  viaide - ok
18:22:34.0218 4780  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:22:34.0218 4780  vmbus - ok
18:22:34.0234 4780  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:22:34.0234 4780  VMBusHID - ok
18:22:34.0265 4780  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:22:34.0265 4780  volmgr - ok
18:22:34.0296 4780  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:22:34.0296 4780  volmgrx - ok
18:22:34.0312 4780  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:22:34.0312 4780  volsnap - ok
18:22:34.0359 4780  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:34.0359 4780  vsmraid - ok
18:22:34.0468 4780  [ CA64A8838B4674D14BDF88ABA2F253EA ] VSPerfDrv100    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
18:22:34.0484 4780  VSPerfDrv100 - ok
18:22:34.0530 4780  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:22:34.0577 4780  VSS - ok
18:22:34.0577 4780  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:22:34.0577 4780  vwifibus - ok
18:22:34.0608 4780  [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:22:34.0608 4780  VWiFiFlt - ok
18:22:34.0624 4780  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:22:34.0624 4780  vwifimp - ok
18:22:34.0655 4780  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:22:34.0655 4780  W32Time - ok
18:22:34.0686 4780  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:22:34.0686 4780  WacomPen - ok
18:22:34.0718 4780  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:22:34.0718 4780  WANARP - ok
18:22:34.0718 4780  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:22:34.0718 4780  Wanarpv6 - ok
18:22:34.0764 4780  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:22:34.0811 4780  wbengine - ok
18:22:34.0811 4780  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:22:34.0827 4780  WbioSrvc - ok
18:22:34.0874 4780  [ 3A2D452C40162823B79867040B46D4A8 ] WCMVCAM         C:\Windows\system32\DRIVERS\wcmvcam64.sys
18:22:34.0889 4780  WCMVCAM - ok
18:22:34.0920 4780  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:22:34.0920 4780  wcncsvc - ok
18:22:34.0936 4780  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:22:34.0936 4780  WcsPlugInService - ok
18:22:34.0967 4780  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:22:34.0967 4780  Wd - ok
18:22:34.0983 4780  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:22:34.0998 4780  Wdf01000 - ok
18:22:35.0014 4780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:22:35.0014 4780  WdiServiceHost - ok
18:22:35.0014 4780  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:22:35.0014 4780  WdiSystemHost - ok
18:22:35.0045 4780  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:22:35.0045 4780  WebClient - ok
18:22:35.0061 4780  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:22:35.0061 4780  Wecsvc - ok
18:22:35.0076 4780  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:22:35.0076 4780  wercplsupport - ok
18:22:35.0108 4780  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:22:35.0108 4780  WerSvc - ok
18:22:35.0139 4780  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:35.0139 4780  WfpLwf - ok
18:22:35.0201 4780  [ D7BFEF07EA8EA829EC2615E50890F7BB ] WiMAXAppSrv     C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
18:22:35.0201 4780  WiMAXAppSrv - ok
18:22:35.0217 4780  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:22:35.0217 4780  WIMMount - ok
18:22:35.0232 4780  WinDefend - ok
18:22:35.0232 4780  WinHttpAutoProxySvc - ok
18:22:35.0279 4780  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:22:35.0279 4780  Winmgmt - ok
18:22:35.0342 4780  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:22:35.0388 4780  WinRM - ok
18:22:35.0466 4780  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:35.0466 4780  WinUsb - ok
18:22:35.0498 4780  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:22:35.0513 4780  Wlansvc - ok
18:22:35.0622 4780  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:22:35.0654 4780  wlidsvc - ok
18:22:35.0700 4780  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:22:35.0700 4780  WmiAcpi - ok
18:22:35.0732 4780  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:22:35.0732 4780  wmiApSrv - ok
18:22:35.0732 4780  WMPNetworkSvc - ok
18:22:35.0763 4780  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:22:35.0763 4780  WPCSvc - ok
18:22:35.0778 4780  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:22:35.0778 4780  WPDBusEnum - ok
18:22:35.0810 4780  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:22:35.0810 4780  ws2ifsl - ok
18:22:35.0825 4780  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:22:35.0825 4780  wscsvc - ok
18:22:35.0841 4780  WSearch - ok
18:22:35.0872 4780  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
18:22:35.0872 4780  wsvd - ok
18:22:35.0934 4780  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:22:35.0981 4780  wuauserv - ok
18:22:36.0028 4780  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:22:36.0028 4780  WudfPf - ok
18:22:36.0059 4780  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:36.0059 4780  WUDFRd - ok
18:22:36.0090 4780  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:22:36.0090 4780  wudfsvc - ok
18:22:36.0137 4780  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:22:36.0137 4780  WwanSvc - ok
18:22:36.0184 4780  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:22:36.0184 4780  xusb21 - ok
18:22:36.0278 4780  [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
18:22:36.0278 4780  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
18:22:36.0278 4780  ================ Scan global ===============================
18:22:36.0309 4780  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:22:36.0324 4780  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:22:36.0340 4780  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:22:36.0356 4780  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:22:36.0387 4780  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:22:36.0387 4780  [Global] - ok
18:22:36.0387 4780  ================ Scan MBR ==================================
18:22:36.0402 4780  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:22:36.0870 4780  \Device\Harddisk0\DR0 - ok
18:22:36.0870 4780  ================ Scan VBR ==================================
18:22:36.0870 4780  [ A74C52D8A4ECC86205401F76A87FCC39 ] \Device\Harddisk0\DR0\Partition1
18:22:36.0870 4780  \Device\Harddisk0\DR0\Partition1 - ok
18:22:36.0902 4780  [ 08505ACB2366A14ECB6826671A80DD67 ] \Device\Harddisk0\DR0\Partition2
18:22:36.0917 4780  \Device\Harddisk0\DR0\Partition2 - ok
18:22:36.0933 4780  [ 70B4215DDC87872815FE41A70D8A07EB ] \Device\Harddisk0\DR0\Partition3
18:22:36.0948 4780  \Device\Harddisk0\DR0\Partition3 - ok
18:22:36.0948 4780  ============================================================
18:22:36.0948 4780  Scan finished
18:22:36.0948 4780  ============================================================
18:22:36.0948 5560  Detected object count: 0
18:22:36.0948 5560  Actual detected object count: 0
18:22:48.0290 4404  Deinitialize success
         


05.09.2012, 17:53   #6
Dimon

Sorry for the double post, but the original post exceeded the maximum length.

OTL:

OTL Logfile:
Code:
OTL logfile created on: 05.09.2012 18:28:09 - Run 2
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Hitless\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,41% Memory free
15,89 Gb Paging File | 13,39 Gb Available in Paging File | 84,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 178,77 Gb Free Space | 35,60% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hitless\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ab35163db89cc1062851c42f90151ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouawxp0u.dll (Parental Solutions Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26D3E265-8919-495E-815F-448819DD8BF1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=60ee8282-04d8-44f6-a465-152e0e5ed252&apn_sauid=BD50D608-5F7B-4D01-BE41-FB4063705327
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.09 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Extensions
[2012.09.04 17:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions
[2012.09.04 17:36:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions\toolbar@ask.com
[2012.09.04 17:36:23 | 000,002,323 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\searchplugins\askcom.xml
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.27 10:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 03:09:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 07:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 03:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 07:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 07:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 07:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 07:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp\1.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnnsvqxhl.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162B4ED2-46CB-40DE-A088-478E14DD0097}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6533412C-6187-47D8-B091-3724CD296A69}: DhcpNameServer = 131.234.137.24 131.234.137.23
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell - "" = AutoRun
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Hitless^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Energy Management - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
MsConfig:64bit - StartUpReg: EnergyUtility - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
MsConfig:64bit - StartUpReg: GoogleDriveSync - hkey= - key= - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: VeriFaceManager - hkey= - key= - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
MsConfig:64bit - StartUpReg: WebcamMaxAutoRun - hkey= - key= - C:\Program Files (x86)\WebcamMax\wcmmon.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT


Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.05 16:31:58 | 000,000,000 | R--D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012.09.05 16:08:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:03:53 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:59:48 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.04 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Malwarebytes
[2012.09.04 23:56:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 17:36:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.31 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.31 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.08.31 21:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.08.24 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Darksiders
[2012.08.24 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.08.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.08.19 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harpsoft
[2012.08.10 12:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2012.08.10 11:53:15 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.10 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.05 18:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 18:23:10 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
[2012.09.05 18:20:34 | 000,000,512 | ---- | M] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 18:03:11 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 17:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
[2012.09.05 17:03:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.05 16:38:29 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 16:38:29 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 16:36:58 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.05 16:36:58 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.05 16:36:58 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.05 16:30:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 16:30:00 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:05:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:00:56 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:55:38 | 000,511,265 | ---- | M] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.09.05 10:43:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.05 10:42:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 10:34:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 18:14:48 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.09.04 17:13:09 | 000,001,895 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | M] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:39 | 000,000,556 | ---- | M] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.15 11:39:54 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.05 18:20:34 | 000,000,512 | ---- | C] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 13:59:48 | 000,511,265 | ---- | C] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.09.05 10:43:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.04 23:56:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 17:13:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 17:13:09 | 000,001,895 | ---- | C] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | C] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:38 | 000,000,556 | ---- | C] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.10 11:53:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.04.20 23:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.04.20 22:59:06 | 000,039,620 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.01 19:19:00 | 000,000,749 | ---- | C] () -- C:\Users\Hitless\.recently-used.xbel
[2012.01.07 15:07:37 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:04 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2011.12.16 16:14:52 | 000,000,600 | ---- | C] () -- C:\Users\Hitless\AppData\Local\PUTTY.RND
[2011.12.11 13:29:05 | 000,000,017 | ---- | C] () -- C:\Users\Hitless\AppData\Local\resmon.resmoncfg
[2011.12.10 20:59:19 | 000,000,032 | ---- | C] () -- C:\Users\Hitless\.simfy
[2011.12.09 15:23:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.09 15:18:36 | 000,858,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 14:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.09 14:59:37 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.09 14:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.03.01 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\.minecraft
[2011.12.10 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Atari
[2012.08.10 12:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.01 00:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\BCGameTime
[2012.08.09 22:23:06 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock
[2012.08.24 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Bioshock2
[2012.05.06 03:38:11 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\calibre
[2012.09.05 10:46:52 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DAEMON Tools Lite
[2012.05.01 20:51:36 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.04.24 10:02:22 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dev-Cpp
[2012.09.05 10:36:08 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Dropbox
[2012.07.31 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Foxit Software
[2012.02.01 19:19:00 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\geany
[2011.12.09 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Leadertech
[2012.07.12 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\LolClient
[2012.06.03 14:01:53 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia
[2012.06.03 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Nokia Suite
[2012.01.08 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Notepad++
[2012.01.31 18:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\OpenOffice.org
[2012.06.03 14:03:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\PC Suite
[2011.12.16 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\QIP
[2012.07.09 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\runic games
[2011.12.10 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Simfy
[2012.09.04 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\Spotify
[2012.01.21 12:07:05 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\System
[2012.08.01 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TIPP10
[2012.09.05 10:46:49 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\TS3Client
[2012.02.10 15:48:44 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WebcamMax
[2012.03.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\WinEdt Team
[2012.02.01 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\Hitless\AppData\Roaming\xm1
[2012.09.03 01:01:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.

 >
[2011.12.09 14:50:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.10 11:38:57 | 000,000,000 | ---D | M] -- C:\3661386edfc9c93935863af5488ad6
[2012.09.04 17:36:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.04.24 09:28:44 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.07 15:06:59 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.12.09 14:59:05 | 000,000,000 | ---D | M] -- C:\Intel
[2011.12.10 18:45:05 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.23 17:26:25 | 000,000,000 | ---D | M] -- C:\Perl64
[2012.09.05 10:43:58 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.04 23:56:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.09.04 23:56:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.09 14:50:21 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.12 18:26:46 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.04.23 17:27:46 | 000,000,000 | ---D | M] -- C:\Symbian
[2012.09.05 18:29:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.30 15:19:58 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.09 15:50:24 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2012.04.23 18:18:00 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.05 16:31:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe

 >
 
< %LOCALAPPDATA%\*.exe
 >
 
< %systemroot%\*. /mp /s
 >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
 >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

 >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 >
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /S

 >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters /S
 >
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters /S
 >
"ServiceDll" = %SystemRoot%\System32\pouawxp0u.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
"ServiceMain" = SetAccessPolicy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /S

 >
 
< %SystemRoot%\system32\*.tsp

 >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /360

 >
[2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\system32\3DImageRenderer.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\system32\Apblend.dll
[2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\biologon.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\system32\CamOpEx.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32\CmdLineExt_x64.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3dx9_35.dll
[2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\system32\DevIL.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILU.dll
[2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\system32\ILUT.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\system32\Imagereog.dll
[2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\system32\Lenovo.Veriface.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\system32\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\system32\LenovoVeriface.Interface.dll
[2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp71.dll
[2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr71.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3a.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdecodemft.dll
[2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvinit.dll
[2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvumdshim.dll
[2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\oemdspif.dll
[2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll
[2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\system32\PicNotify.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\system32\SIntf16.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\system32\SIntf32.dll
[2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\system32\SIntfNT.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\system32\TakeSnpshot.dll
[2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011.12.11 17:11:48 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll
[2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlive.dll
[2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\xlivefnt.dll
 
< C:\Windows\SysNative\*.dll /360
 >
[2012.01.07 15:07:36 | 001,510,752 | ---- | M] () -- C:\Windows\SysNative\Apblend64.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.01.09 17:28:20 | 000,166,912 | ---- | M] (Nokia) -- C:\Windows\SysNative\ccdcmbwux64.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.04.24 07:37:36 | 001,462,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.04.24 07:37:37 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2011.10.26 07:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.11.08 20:40:34 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.11.08 05:51:00 | 000,837,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011.10.15 08:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.01.07 15:07:36 | 000,783,712 | ---- | M] () -- C:\Windows\SysNative\EncIcons.dll
[2012.01.07 15:07:36 | 001,508,192 | ---- | M] () -- C:\Windows\SysNative\IcnOvrly.dll
[2012.06.27 09:02:40 | 012,297,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2012.06.27 09:02:41 | 002,453,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2012.06.27 09:02:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.01.07 15:07:36 | 001,769,312 | ---- | M] (Lenovo) -- C:\Windows\SysNative\imagereog.dll
[2012.06.16 07:15:56 | 000,911,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.27 09:02:52 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.07.15 18:58:23 | 000,031,232 | ---- | M] (neo-layout.org) -- C:\Windows\SysNative\kbdneo2.dll
[2012.01.07 15:07:37 | 000,562,016 | ---- | M] () -- C:\Windows\SysNative\Lenovo.VerifaceStub.dll
[2011.12.09 15:47:25 | 000,279,968 | ---- | M] (Lenovo) -- C:\Windows\SysNative\LenovoSdk.OKTDLL.dll
[2011.12.09 15:45:21 | 000,019,872 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Windows\SysNative\LenovoSDKEmSubSystem.dll
[2012.01.07 15:07:37 | 002,432,352 | ---- | M] () -- C:\Windows\SysNative\LenovoVeriface.Interface.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.02.02 00:17:21 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.06.27 09:03:29 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.06.27 09:03:32 | 009,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2012.06.27 09:03:32 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.06.06 08:06:16 | 001,881,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.06.06 08:06:16 | 002,004,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.01.09 17:28:20 | 000,057,856 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
[2012.01.09 17:28:20 | 000,640,000 | ---- | M] (Nokia) -- C:\Windows\SysNative\nmwcdcoclsx64.dll
[2011.11.08 20:40:40 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2011.11.08 05:51:00 | 001,349,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2011.11.08 05:51:00 | 000,055,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2011.11.08 05:51:00 | 002,808,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.11.08 05:51:00 | 024,796,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.11.08 05:51:00 | 010,406,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.11.08 05:51:00 | 007,581,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.11.08 05:51:00 | 002,232,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,542,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.11.08 05:51:00 | 015,693,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.11.08 05:51:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2011.11.08 05:51:00 | 001,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011.11.08 05:51:00 | 001,454,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011.11.08 05:51:00 | 000,241,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2011.11.08 05:51:00 | 000,222,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.11.08 05:51:00 | 024,742,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.11.08 05:51:00 | 000,371,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,137,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.11.08 05:51:00 | 005,067,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.11.08 05:51:00 | 003,074,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.11.08 05:51:00 | 000,860,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2011.11.08 05:51:00 | 008,792,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.06.20 13:53:19 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.11.08 05:51:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.06.03 00:36:32 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouawxp0u.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2011.10.26 07:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.01.07 15:07:36 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt.dll
[2012.01.07 15:07:37 | 000,628,064 | ---- | M] () -- C:\Windows\SysNative\SimpleExt64.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.07 15:07:37 | 002,822,496 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\TakeSnpshot.dll
[2011.11.05 07:32:50 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2012.06.27 09:06:35 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.27 09:06:36 | 001,494,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.06.16 07:16:04 | 000,609,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.01.09 17:28:26 | 001,721,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01009.dll
[2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.02.11 08:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.06.27 09:06:53 | 001,188,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2012.03.01 08:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2012.06.20 13:53:19 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.04.22 13:51:40 | 002,152,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFUpdate_01009.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
 
< C:\Windows\SysWOW64\*.dll /360

 >
[2012.01.07 15:07:04 | 001,044,480 | ---- | M] () -- C:\Windows\SysWOW64\3DImageRenderer.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | M] () -- C:\Windows\SysWOW64\Apblend.dll
[2012.01.07 15:07:37 | 000,011,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\biologon.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.01.07 15:07:37 | 001,025,376 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\CamOpEx.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2011.12.09 19:29:32 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWOW64\CmdLineExt_x64.dll
[2012.04.24 06:36:42 | 001,158,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.04.24 06:36:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2012.01.07 15:07:04 | 003,727,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3dx9_35.dll
[2012.05.04 19:29:16 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.01.07 15:07:04 | 000,876,032 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\DevIL.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2011.10.15 07:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EncDec.dll
[2012.06.27 07:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2012.06.27 07:50:44 | 002,073,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.01.07 15:07:04 | 000,077,824 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILU.dll
[2012.01.07 15:07:04 | 000,032,768 | ---- | M] (Abysmal Software) -- C:\Windows\SysWOW64\ILUT.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2012.01.07 15:07:37 | 001,394,016 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Imagereog.dll
[2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2012.06.27 07:50:54 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.01.07 15:07:37 | 000,025,952 | ---- | M] (Lenovo) -- C:\Windows\SysWOW64\Lenovo.Veriface.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | M] () -- C:\Windows\SysWOW64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:37 | 002,086,240 | ---- | M] () -- C:\Windows\SysWOW64\LenovoVeriface.Interface.dll
[2012.02.02 00:17:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msclmd.dll
[2012.06.27 07:51:29 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2012.06.27 07:51:30 | 006,027,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2012.05.20 20:26:58 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll
[2012.05.20 20:26:58 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.05.20 20:26:58 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3a.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.05.04 19:29:22 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
[2011.11.08 05:51:00 | 002,458,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
[2011.11.08 05:51:00 | 017,248,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll
[2011.11.08 05:51:00 | 005,578,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll
[2011.11.08 05:51:00 | 002,099,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll
[2011.11.08 05:51:00 | 002,401,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll
[2011.11.08 05:51:00 | 013,205,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
[2011.11.08 05:51:00 | 000,301,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvdecodemft.dll
[2011.11.08 05:51:00 | 000,203,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll
[2011.11.08 05:51:00 | 018,871,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll
[2011.11.08 05:51:00 | 000,330,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoptimusmft.dll
[2011.11.08 05:51:00 | 000,716,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvumdshim.dll
[2011.11.08 05:51:00 | 007,042,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
[2011.11.08 05:51:00 | 000,484,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\oemdspif.dll
[2012.06.20 13:53:19 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWOW64\OpenAL32.dll
[2011.11.08 05:51:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\packager.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | M] () -- C:\Windows\SysWOW64\PicNotify.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | M] () -- C:\Windows\SysWOW64\SIntf16.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | M] () -- C:\Windows\SysWOW64\SIntf32.dll
[2012.04.20 23:19:25 | 000,021,840 | ---- | M] () -- C:\Windows\SysWOW64\SIntfNT.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.01.07 15:07:37 | 002,278,752 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysWOW64\TakeSnpshot.dll
[2011.11.05 06:26:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2011.12.11 17:11:48 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\SysWOW64\UpdSvc.dll
[2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2012.06.27 07:53:05 | 001,231,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.06.16 06:26:57 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2012.06.27 07:53:07 | 000,981,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.03.01 07:37:41 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2012.06.20 13:53:19 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWOW64\wrap_oal.dll
[2011.09.28 18:45:42 | 015,453,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlive.dll
[2011.09.28 18:45:42 | 013,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xlivefnt.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         
--- --- ---


I couldn't find the Extras. Should they be in the same folder as OTL.txt (on my desktop, in my case)?

Alt 06.09.2012, 07:26   #7
Psychotic
/// Malwareteam
 



Hello Dimon,

you are infected with a special Trojan, so I am consulting with other helpers about how to proceed in order to give you the best possible help. Please be patient for a few more hours!

Thank you!

Regards
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


Alt 06.09.2012, 13:13   #8
Psychotic
/// Malwareteam
 



I need the Extras.txt!
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

Alt 06.09.2012, 14:56   #9
AHT
/// Helfer-Team
 



I will also be helping with your case.
__________________
______________________

Kind regards

AHT

Alt 06.09.2012, 16:56   #10
Dimon
 



OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.09.2012 17:41:44 - Run 3
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Hitless\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,17% Memory free
15,89 Gb Paging File | 13,60 Gb Available in Paging File | 85,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 176,62 Gb Free Space | 35,17% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hitless\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ab35163db89cc1062851c42f90151ef\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b81e3e084d74df5d723dd33d6b9a2dff\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouawxp0u.dll (Parental Solutions Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (WCMVCAM) -- C:\Windows\SysNative\drivers\wcmvcam64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26D3E265-8919-495E-815F-448819DD8BF1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=60ee8282-04d8-44f6-a465-152e0e5ed252&apn_sauid=BD50D608-5F7B-4D01-BE41-FB4063705327
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitless\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 03:09:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.09 18:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Extensions
[2012.09.04 17:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions
[2012.09.04 17:36:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Hitless\AppData\Roaming\mozilla\Firefox\Profiles\biur54b3.default\extensions\toolbar@ask.com
[2012.09.04 17:36:23 | 000,002,323 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Mozilla\Firefox\Profiles\biur54b3.default\searchplugins\askcom.xml
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.27 10:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.04 10:48:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 03:09:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.23 07:34:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 03:09:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 07:34:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 07:34:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 07:34:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 07:34:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp\1.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgenbiepgodgfapfnolmenbfncejmjf\1_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.0_0\
CHR - Extension: No name found = C:\Users\Hitless\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Infium] C:\Program Files (x86)\QIP 2012\qip.exe (QIP)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hitless\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hitless\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnnsvqxhl.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162B4ED2-46CB-40DE-A088-478E14DD0097}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6533412C-6187-47D8-B091-3724CD296A69}: DhcpNameServer = 131.234.137.24 131.234.137.23
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell - "" = AutoRun
O33 - MountPoints2\{3ad0eaf7-349f-11e1-82b5-9439e5e48044}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 17:36:50 | 000,000,000 | R--D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012.09.05 16:08:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:03:53 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:59:48 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.05 10:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.04 23:56:26 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Malwarebytes
[2012.09.04 23:56:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.04 23:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.04 17:36:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.31 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.08.31 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.08.31 21:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.08.24 17:17:25 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Local\Darksiders
[2012.08.24 17:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.08.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.08.19 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Harpsoft
[2012.08.15 07:48:07 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 07:48:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 07:48:04 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 07:48:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 07:48:03 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 07:48:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 07:48:03 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.15 07:48:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 07:48:01 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 07:48:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 07:47:50 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.15 07:47:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 07:47:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 07:47:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 07:47:49 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 07:47:49 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 07:47:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 07:47:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.10 12:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2012.08.10 11:53:15 | 000,000,000 | ---D | C] -- C:\Users\Hitless\AppData\Roaming\Audacity
[2012.08.10 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 17:44:51 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 17:44:51 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 17:41:16 | 000,872,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.06 17:41:16 | 000,718,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.06 17:41:16 | 000,146,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.06 17:36:39 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 17:36:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 17:35:54 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.06 01:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 01:23:10 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000UA.job
[2012.09.06 01:03:11 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 18:20:34 | 000,000,512 | ---- | M] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 17:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078036523-660427857-514968831-1000Core.job
[2012.09.05 16:05:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Hitless\Desktop\aswMBR.exe
[2012.09.05 16:00:56 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hitless\Desktop\tdsskiller.exe
[2012.09.05 13:55:38 | 000,511,265 | ---- | M] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.09.05 10:43:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.05 10:42:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 10:40:08 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.09.05 10:34:11 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 18:14:48 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Hitless\Desktop\OTL.exe
[2012.09.04 17:13:09 | 000,001,895 | ---- | M] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | M] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:39 | 000,000,556 | ---- | M] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.16 18:24:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.16 18:24:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 11:39:54 | 000,306,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.05 18:20:34 | 000,000,512 | ---- | C] () -- C:\Users\Hitless\Desktop\MBR.dat
[2012.09.05 13:59:48 | 000,511,265 | ---- | C] () -- C:\Users\Hitless\Desktop\adwcleaner.exe
[2012.09.05 10:43:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.04 23:56:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.04 17:13:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.04 17:13:09 | 000,001,895 | ---- | C] () -- C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 22:00:04 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 17:16:18 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders Comic.lnk
[2012.08.24 17:16:18 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Darksiders SoundTrack.lnk
[2012.08.19 11:10:58 | 000,002,167 | ---- | C] () -- C:\Users\Hitless\Desktop\Bendometer PS.lnk
[2012.08.19 11:07:38 | 000,000,556 | ---- | C] () -- C:\Users\Hitless\Desktop\bendometer.zip
[2012.08.10 11:53:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.04.20 23:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.04.20 23:19:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.04.20 23:19:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.04.20 22:59:06 | 000,039,620 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.02.01 19:19:00 | 000,000,749 | ---- | C] () -- C:\Users\Hitless\.recently-used.xbel
[2012.01.07 15:07:37 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.01.07 15:07:37 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.01.07 15:07:37 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.01.07 15:07:37 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.01.07 15:07:04 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2011.12.16 16:14:52 | 000,000,600 | ---- | C] () -- C:\Users\Hitless\AppData\Local\PUTTY.RND
[2011.12.11 13:29:05 | 000,000,017 | ---- | C] () -- C:\Users\Hitless\AppData\Local\resmon.resmoncfg
[2011.12.10 20:59:19 | 000,000,032 | ---- | C] () -- C:\Users\Hitless\.simfy
[2011.12.09 15:23:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.09 15:18:36 | 000,858,318 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 14:59:37 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.09 14:59:37 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.09 14:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         

Extra.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2012 17:41:44 - Run 3
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Hitless\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,17% Memory free
15,89 Gb Paging File | 13,60 Gb Available in Paging File | 85,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 502,14 Gb Total Space | 176,62 Gb Free Space | 35,17% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 188,67 Gb Free Space | 96,60% Space Free | Partition Type: NTFS
 
Computer Name: YEAH-PC | User Name: Hitless | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D358C5D-CC1D-40B6-9335-CFA0670DAE45}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1AB575C7-9187-4516-8308-2F36B4D4160C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1D247054-6B35-4217-9D5F-469B3EB6605A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1FCABEFF-FCC3-4C38-B75C-805C6D696407}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2876BB16-723E-42EC-85F3-D5EEF8081F04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3EF4C85A-01F8-489C-9395-47CAF9756A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{401B37C6-9FF7-44C2-93E4-2332186FCE02}" = rport=138 | protocol=17 | dir=out | app=system | 
"{40D7F6B3-8882-4787-A2C0-D68B6BBCDE4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51001546-3B46-40AF-96B7-E5F3E8F1FC77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57270E46-1D0C-47F7-912C-C40B66C1128D}" = lport=57982 | protocol=17 | dir=in | name=pando media booster | 
"{6E95C63D-A6E8-4CB5-B974-7A30EAB3C596}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6EE3989D-AA1F-4197-8386-E552E365C9FF}" = lport=57982 | protocol=6 | dir=in | name=pando media booster | 
"{82C33CAF-A6FE-4718-B000-250EC971A8A2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{896C1C8C-45BB-4F33-9A99-BFCD4D9990E9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8F6D71CE-608F-4700-8E6C-DC26AD72ED29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A078A7BD-C631-4D05-BEC3-FBE3A619172C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A7CB9F79-BCAC-47FB-B6CD-A76D3CF26ED9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2B6B92D-49B8-4436-939B-04217FF0426A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C3E06C24-5AA5-4D97-AF1D-54AEBEF88AC2}" = lport=57982 | protocol=17 | dir=in | name=pando media booster | 
"{C6CED595-5016-4635-84DA-41C58FDE7EE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D06B2F05-FEAF-4E5D-B46E-5CC9911575EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E54BB71D-D44C-4A40-BF96-F13266235478}" = lport=57982 | protocol=6 | dir=in | name=pando media booster | 
"{EA3AF9C2-14D9-40E7-9572-E4E76BBD8C3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ED26AB76-9EE1-4903-9B87-7B019DF3AB62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FCDCF2EF-B03B-4E74-AB98-E7E1FA633A26}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B51410-D074-4236-9D11-6EBF29DD28FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{01739F23-30AC-4D2A-AAF9-25D6BE6ED299}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{033AD2AB-7A69-4638-95A3-73B7D2D6C421}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{03E97F63-FCFB-4638-AD24-5D58BDE4465F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{03F9668B-04BC-4B32-91EB-49C4BDA56941}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | 
"{062B17EE-7D63-40E3-9222-AB09589CB14D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{07AF4A55-DD03-4E7F-A1B3-0A0A2F66CED4}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{08B8A816-42F7-4E88-9F35-D60CC1978653}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{0E95D0A5-22C8-4EEF-8B1F-6D1898EBC1AE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{0F35BF57-E522-47EE-9448-54C793FFBBE5}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{0F50284D-2924-47CB-AC1C-9251791B72EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{11BFBBBC-B47A-45EF-B12F-4D789407AB6C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1604DF5E-6EA5-4863-B245-225C0CC060D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{1E491B59-41C8-4918-A680-DF31D10609AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{1FC3AD24-A386-40A4-92E4-A4D7A97CB98F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{1FE50DEF-1315-4B49-89AB-500DA8595169}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{20CA73D4-212E-44BE-AE33-A59ECD7FC440}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{226A316D-CF21-49B9-8926-EABCD79B6EFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{22CEC629-A1ED-42BD-80CB-DA73B191249D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{2AF73B29-5618-4F59-ADFF-5CC0483DFB61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{2D066E23-A493-4537-831F-EF5589789331}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{2D4D8236-C437-4BA4-9431-85D2D0538F26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{2F2FE770-E765-4936-BABC-1EC49E1F79FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{31B71B5F-0BBE-4B5E-AA2D-A62275D208A7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{33261CB5-0648-4B71-882F-FAF66C475E43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{332F9631-CBFE-491B-BAC9-E5F29444B57F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{333A090F-87A0-412A-8234-FBC64888BB8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{3718D0BA-3C2A-4812-8378-04D0133DCCE8}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{384ADC0D-1191-4C48-9F82-2EC69FB39C16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{3A2312CD-008C-45A7-A385-7D8FFC8DC6A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{3D10B83B-FFDB-49A5-85DD-3C0471B4FC2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3EEB3E91-D71E-4B7B-A4D4-E95E25584DF1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{42E9B8CB-9CA7-490C-9037-10B70E006934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{47C8C3EF-E1A9-4ED9-86AD-4EAF46FF74A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{48FFB2B4-74F6-4EE7-B3AA-6574DDD94CC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{4A85C6CE-3748-438F-B315-8EDCC963F752}" = protocol=6 | dir=in | app=c:\users\hitless\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4B1C74F4-A77C-43D0-842A-0C58A4675224}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4BE1DFE3-54FA-4124-9091-93D36A13D234}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{4C9DB66E-9B5F-4510-858F-D0C40F678892}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{545E702C-D3B6-4955-AD72-EA13998DE600}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe | 
"{54F1179E-D487-482F-973F-9BD7A3C7DC79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{556A2B43-5C5D-4960-B961-27B4624110B1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{595D2F41-3F59-41CE-B893-2C3FED48F6A2}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{5A330B39-8EB5-4DD1-8D43-B7CA39CE03AC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5B545615-61AF-41B3-92D7-562255459176}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{5D99D727-2F9B-422E-950F-FB37CA76C18D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat | 
"{5EAF93C8-6036-4CF1-9F58-DEDAA5A3C988}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5FE6DADD-B5FC-42B8-92B4-9C4E7A63FC4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{6461A4DB-4E9B-4456-8D58-31E767E42EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{649B8717-C64D-4B69-BABA-541FE1EA091E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\uplink\uplink.exe | 
"{6614DF9D-C9C8-4EC9-88E3-11D8BAF7F61C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blocks that matter\btm_launcher_win.exe | 
"{67804E89-D57E-4AC2-93EE-BF1127A19523}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | 
"{6964779E-37DC-436C-BCC4-911097145BE7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{6B674D4E-3E7C-439B-B93B-BEDA5EA234F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{6E7E6604-3108-48E6-A4F1-4A62C9B3E600}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7A3EC496-8112-4BB7-A304-B5CD913537C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | 
"{7A489811-5E94-4F14-8C61-5A7FA6767B61}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\critical mass\criticalmass.exe | 
"{82E56316-C825-4D44-B53F-97FFC4DDC428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{835D99C0-DF9E-4B56-A18C-5A64C3B27196}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\superbrothers sword & sworcery ep\swordandsworcery_pc.exe | 
"{849C46B7-E3AE-4031-B30C-FE38A0104EFD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{84FAF68D-8D2D-405D-B34B-61ED843730BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{85BC3311-D058-47B5-A25D-EE4ABF437896}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{88447ECD-9544-42A6-A61C-FFE152F3ADBF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{8A526F67-09E3-4716-B706-C670136A53C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | 
"{91FD7438-E86C-40BB-A85E-C84858256D0D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{93651123-1171-4352-94E7-12560CAEC696}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{95DB32D5-5649-4CD1-84E8-022D8C0E3C02}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{9F8252B8-358B-4150-82A1-731A7E2CC3EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A0C69B7C-D28B-4B09-BC38-19FE5940B314}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{A38021BF-D47B-4362-BFCD-9C9BF931A815}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A41644E7-5B25-496C-A932-598A47058794}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{A9004D12-6DA7-47E3-A845-179634861BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\critical mass\criticalmass.exe | 
"{ADC708E8-F943-401C-AE1B-68FF43B58C39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AFF64957-65BB-4418-AC82-02709B92D5C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B050340A-13C0-497B-B7D8-1272E5A01A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{B06A31F2-C1A6-4AB2-A175-07EA3EAA1F32}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{B384619A-12CD-454A-8577-E96F18EA6F32}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | 
"{B65B7042-D68D-4E63-BC49-9BDEC4B9BFD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe | 
"{B66BAD62-AA2B-4810-A0F4-E5BA20CC6DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm | 
"{BA59504E-DBDA-444E-8AC1-5FB7D4BAABF8}" = protocol=17 | dir=in | app=c:\users\hitless\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BC768B47-B879-4FCA-896D-DCFF3514F243}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BEAD6EA2-FD91-4AC5-B07D-8E917C1683AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{BFA6F1E8-E61A-4F38-B1FC-C434B906E0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C079A06B-1F10-4A7E-89AC-986B95EFD7A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{C209DE2A-1B73-4CCF-95DB-0039E5860EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{C6EB1E06-4E74-4415-930E-1FB4480B2AF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\augmentededitioncontent\launch.bat | 
"{C745A3D7-0E48-47F8-8DA6-6975B8679DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe | 
"{C7A1F9A0-9E59-4E5E-A80B-2279EB7595FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C9424FAF-EDBF-43E0-ABAF-23CCAFB56CDA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{C99E6A27-9B81-44D6-BF42-D9B9930A40FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{CC09CD06-0EF7-4E65-B07C-F2F2635EA0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{CC116EB1-6554-450D-B524-ADDD889F6B12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{CE1852DC-63A4-4F48-93A2-CBB8A318653E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe | 
"{CEA80FB4-4E75-4E0F-B7FB-7CB01253FBD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{CEB526DB-AB5B-4272-BF8C-0B0B0E02F1FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe | 
"{D2C3D6A7-8477-41A4-BB06-C1FEDDDF21D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\qube\binaries\win32\qube.exe | 
"{D395C5E4-5EEB-4889-A024-E05BC30ACF8C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat | 
"{D44DC0FC-AAB9-45A0-9694-105E325887C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D51A61AE-9AE6-445C-BF74-45D4D51D0793}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | 
"{D596F25A-3469-42E7-8D1A-D844394B8888}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darwinia\darwinia.exe | 
"{D6CCC0AB-82F9-47B5-80CD-61B950500AC0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{D74647B8-6777-4C26-B491-85679E31C137}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{D87AEB6C-C115-41DD-8825-71007E8CD6EC}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | 
"{D965D8E2-6EE3-443F-8578-809632EAED7B}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | 
"{D9EE6494-2532-484C-89CB-2AA0F5045FF6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{DE85B1F1-0ED3-4295-98D0-2E9CFBA6D2FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bully scholarship edition\bully.exe | 
"{E38B7691-0A7C-4BCE-8B4B-038AA667FF26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{E8B3D731-FFBE-4837-9398-6ECA8754E1D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{E9A75C42-B338-4650-9EA5-11B7628B1DB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{EA49896D-444E-42F7-A637-46D2ED9E3C84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rush\rush.exe | 
"{EA85F952-C19E-4052-89E6-7F0CA54E4F32}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{EB7C2753-33FC-4450-B2C2-CE2A4C273911}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{ED1A69DE-BF69-447E-8916-07D679D01746}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe | 
"{EFC4DE02-F641-4602-BCE8-AD4AB5D9D842}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | 
"{F59FC9A4-249D-4FFD-9635-35ECE3185392}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{F5FC535D-F5D6-429D-90D3-79BBE91EA3D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe | 
"{F8A37327-C780-4C59-BD6A-9BBD964184BE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{FBE79317-CE86-4B5C-9EB4-8355B2DD16AF}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{FCD1427D-DE3F-46AC-82B1-1C88AAF5443C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe | 
"{FD2C1381-F9B0-413F-9DA4-A175614F8473}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{FD70CFFC-A6C0-4E06-A0A6-3B7DC21AFB52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{FDCF9B95-D66F-42C6-8813-959689B801A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"TCP Query User{06CA6FA1-B89B-45A1-9A54-73E22FD62425}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{087DF8F3-F320-4751-8C96-A210C2B36501}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{0A55FD90-5C4C-44EF-BE90-74FAB79E4840}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{2C76F166-C16B-44AE-98A2-9522937B2151}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{3DB8FB4A-D136-46E7-B257-B61A311DE20B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{549D1286-20A6-44D3-8AB3-F7B4769571BD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{559AF120-6EB6-4EE5-8B36-F5ED6EF5B563}C:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe | 
"TCP Query User{5A49F4A8-3ED4-41BE-8132-BC4EFF3C9EFF}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | 
"TCP Query User{73905CBC-99B2-4854-B2DF-7CD7722865A8}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{73A9392F-021F-421F-B3DE-E9AEFDC1D0B2}C:\users\hitless\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hitless\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{7E1BB250-BBC2-466E-878C-7BD652C8BED0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A0B43921-DC0F-4C07-80D5-59AA8AA27126}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{C664C897-22B9-4CE4-9E08-8092A7A41D56}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"TCP Query User{CFD84D02-9FBD-40E8-BE39-0BF579D5EEAF}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"TCP Query User{D6377C09-43E1-4E6C-BA20-CDEF082B2780}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{D6FC7CD9-A90B-4D9A-8313-F164B2AFA318}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{E66D0539-E8C1-4854-9F54-82FD595323F1}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
"TCP Query User{F56499BE-26AB-4607-A488-36BD79A03985}C:\program files\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\gta2\gta2.exe | 
"UDP Query User{0F487EF8-78BB-4998-9DD0-A6DB999916AA}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{161386F2-FD0E-40E0-BF2F-5E2ED90AC407}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3BD6711F-9D0F-4D98-BD83-AE460C52EEC6}C:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dimahl\team fortress 2\hl2.exe | 
"UDP Query User{58F57729-F8FA-4B63-83A9-48DE5714DAA6}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{6486E2AC-9CE5-485A-9110-C8B925740A7A}C:\program files (x86)\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\gta2\gta2.exe | 
"UDP Query User{8C8DDA10-6B12-4030-AE97-743099FEB4AD}C:\program files (x86)\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe | 
"UDP Query User{991E630F-BD95-450F-87C2-80DDF0297637}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{A6FFC4E0-EBA2-4246-8DA6-4BDFA69833A3}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe | 
"UDP Query User{AC65B03F-DFA9-4E17-B889-DF2E2720060F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B57DD5EE-5CC2-404F-97A7-C2F1E74C5D78}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{C435B834-3809-4014-983F-821502BF82F3}C:\users\hitless\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hitless\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{D4F6B7CE-BCC6-4D57-85E9-B7EA303A3C68}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"UDP Query User{DC3110D9-49EA-4837-8E7D-02B1DE3461BF}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{DD1BFD09-E8F0-4B04-8D75-998679A93AE6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{E4A3C9F5-890A-42CB-A093-C93C1DEBB77C}C:\program files\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\gta2\gta2.exe | 
"UDP Query User{F0765E41-C3CD-49FF-AC6A-0D3872512E20}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"UDP Query User{F7B36DAC-D2A2-4B61-A0AE-81CA3459D26A}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{F932AAF5-8E67-4C6A-BAFE-0A14E0DE2E08}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416033FF}" = Java(TM) 6 Update 33 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi-Software
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FC945A7-D54E-4F00-BE32-90553F80FCE8}" = ActivePerl 5.14.2 Build 1402 (64-bit)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.79
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"ProInst" = Intel PROSet Wireless
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UDK-6eec76be-be83-4f9d-a7e4-de10f07f198c" = My Game Long Name
"UDK-9eea78f8-1016-4817-b8ec-dcd011f7c35c" = My Game Long Name
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{28CF21CC-3FFF-3610-BA0E-5E5118EE92D5}" = Microsoft Visual Studio 2010 Premium - DEU
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6AFE6FF2-059F-45F4-A2F2-0602C6DEBE0C}" = S60 3rd Edition SDK for Symbian OS, Supporting Feature Pack 2, for C++, Beta
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B834524D-C302-F626-87D6-5E7352FBE502}" = simfy
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"AVerMedia A336 MiniCard Hybrid TV Tuner" = AVerMedia A336 MiniCard Hybrid TV Tuner 10.2.64.51
"Avira AntiVir Desktop" = Avira Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"CSL Arm Toolchain (arm-symbianelf)_is1" = CSL ARM Toolchain (arm-symbianelf) 2005-Q1C
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Drago_is1" = Drago 4.12
"DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO
"Earthworm Jim_is1" = Earthworm Jim
"Foxit Reader_is1" = Foxit Reader
"GameSpy 3D" = GameSpy 3D
"Geany" = Geany 0.21
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mendeley Desktop" = Mendeley Desktop 1.6
"Microsoft Visual Studio 2010 Premium - DEU" = Microsoft Visual Studio 2010 Premium - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"Rockstar Games Social Club" = Rockstar Games Social Club
"Simfy" = simfy
"Steam App 105300" = Critical Mass
"Steam App 110800" = L.A. Noire
"Steam App 111800" = Blocks That Matter
"Steam App 113200" = The Binding Of Isaac
"Steam App 12200" = Bully: Scholarship Edition
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 200001" = Saints Row The Third Prima Official Strategy Guide
"Steam App 200900" = Cave Story+
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203730" = Q.U.B.E.
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 28110" = Deus Ex Human Revolution Augmented Edition Bonus Content
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 38720" = RUSH
"Steam App 38740" = EDGE
"Steam App 40800" = Super Meat Boy
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 50620" = Darksiders
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 6860" = Hitman: Blood Money
"Steam App 7670" = BioShock
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Steam App 8980" = Borderlands
"Steam App 9480" = Saints Row 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TIPP10_is1" = TIPP10 Version 2.1.0
"Tygem Baduk" = TygemBaduk Remove
"VeriFace" = VeriFace 
"VLC media player" = VLC media player 1.1.11
"WebcamMax" = WebcamMax
"WinEdt 7" = WinEdt 7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CGoban 3" = CGoban 3
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QIP 2012" = QIP 2012 4.0.7210
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2012 06:39:22 | Computer Name = Yeah-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c1  Faulting module name: pouawxp0u.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4fc94cc8  Exception code: 0xc0000005  Fault offset: 0x00000000754a64e2
Faulting
 process id: 0x4a8  Faulting application start time: 0x01cd44959b28851d  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: pouawxp0u.dll  Report 
Id: 0add6387-b08d-11e1-a9e6-9439e5e48044
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:46:59 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.06.2012 09:47:00 | Computer Name = Yeah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:27 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:25:39 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7023
Description = The DNS Client service terminated with the following error:   %%5
 
Error - 05.09.2012 04:35:08 | Computer Name = Yeah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:34:21 on ?05.?09.?2012 was unexpected.
 
Error - 05.09.2012 07:30:48 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7031
Description = The Cryptographic Services service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.09.2012 07:30:48 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7031
Description = The DNS Client service terminated unexpectedly.  It has done this 
1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
Error - 05.09.2012 07:30:48 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7031
Description = The Workstation service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 05.09.2012 07:30:48 | Computer Name = Yeah-PC | Source = Service Control Manager | ID = 7031
Description = The Network Location Awareness service terminated unexpectedly.  It
 has done this 1 time(s).  The following corrective action will be taken in 100 
milliseconds: Restart the service.
 
Error - 05.09.2012 10:03:27 | Computer Name = Yeah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 05.09.2012 12:38:51 | Computer Name = Yeah-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Alt 07.09.2012, 08:13   #11
Psychotic
/// Malwareteam
 



Step 1: Uninstall software
  • Click Start --> Control Panel.
  • Open Programs and Features.
  • Find and uninstall the following entries:
    Quote:
    Ask Toolbar
  • Close the window.


Step 2: Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) 
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):"%SystemRoot%\System32\dnsrslvr.dll"
:FILES
C:\Windows\system32\tnnsvqxhl.dll /lsp
C:\Windows\SysNative\pouawxp0u.dll
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:COMMANDS
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread



Step 3: Combofix


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 4: Custom scan with OTL



If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


Alt 07.09.2012, 12:51   #12
Dimon
 



At step 1 I had problems at first, because it complained that a browser was still open. I checked in Task Manager, and IE was indeed open but hidden (it could not be seen in the taskbar). I closed it, then it worked.

At step 2:
Started as admin, copied the fix ==> Range Check Error

Alt 08.09.2012, 07:55   #13
Psychotic
/// Malwareteam
 



OK, then use the following fix for step 2:

Code:
ATTFilter
:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH) 

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

:FILES
C:\Windows\system32\tnnsvqxhl.dll /lsp
C:\Windows\SysNative\pouawxp0u.dll
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Hitless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

:COMMANDS
[emptytemp]
         

Everything else in my last reply remains unchanged!
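Added example, not part of the thread and not OTL's own code: the hex(2) data in the fix above is REG_EXPAND_SZ, a NUL-terminated UTF-16LE string written as comma-separated bytes, and this Python sketch decodes it so the ServiceDll targets can be read and compared before a fix is applied. The function names and the EXPECTED table are assumptions made for this example; the expected paths are simply the ones that fix restores.

```python
import re

# The two ServiceDll values from the :Reg section of the fix above, copied verbatim.
REG_FRAGMENT = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
'''

# Assumption for this example: expected targets are the ones the fix restores.
EXPECTED = {
    "dnscache": r"%SystemRoot%\System32\dnsrslvr.dll",
    "lanmanworkstation": r"%SystemRoot%\System32\wkssvc.dll",
}

def decode_hex2(data):
    """Decode .reg hex(2) data: comma-separated bytes of a UTF-16LE string."""
    raw = bytes(int(b, 16) for b in data.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")  # raises on truncated data

def parse_reg(text):
    """Return {key path: {value name: decoded string}} for hex(2) values."""
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)  # join '\' continuation lines
    out, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=hex\(2\):([0-9a-fA-F,]*)$', line)):
            out.setdefault(key, {})[m.group(1)] = decode_hex2(m.group(2))
    return out

def check_service_dlls(text):
    """Return {service: (decoded ServiceDll, True if it matches EXPECTED)}."""
    report = {}
    for key, values in parse_reg(text).items():
        m = re.search(r"\\services\\([^\\]+)\\Parameters$", key, re.I)
        if m and "ServiceDll" in values:
            svc, dll = m.group(1).lower(), values["ServiceDll"]
            report[svc] = (dll, dll.lower() == EXPECTED.get(svc, "").lower())
    return report

if __name__ == "__main__":
    for svc, (dll, ok) in check_service_dlls(REG_FRAGMENT).items():
        print(f"{svc:20} {dll:40} {'ok' if ok else 'UNEXPECTED'}")
```

A service that is missing from EXPECTED is reported as not matching, so the table has to be extended before the check is used on other keys.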

Alt 08.09.2012, 12:30   #14
Dimon
 



I have now started it that way, and it has been running for more than an hour now, showing the following in the status bar the whole time:
Code:
ATTFilter
Processing Registry data "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ ...
         
I think OTL is getting stuck.

Alt 10.09.2012, 08:15   #15
Psychotic
/// Malwareteam
 



OK, then something else:


Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
