
Log analysis and evaluation: Trojan.Delf in "C:\ProgramData\lsass.exe"

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.10.2012, 19:38   #1
Limatu
 

Hello dear Trojaner-Board team,

I have a problem with the "police virus". Shortly after Windows starts, a message appears on the screen saying that I should pay 100€ or my computer will be locked.

I installed Malwarebytes Anti-Malware, and it promptly blocked the virus and moved it to quarantine.
To make sure the virus is gone, I am nevertheless posting the logs here and hope that you can help me further.

I have attached the OTL and MBAM logs, and here is the log of the detection:

Code:
2012/10/23 17:22:53 +0200	LIMATUII	andi	MESSAGE	Starting protection
2012/10/23 17:22:53 +0200	LIMATUII	andi	MESSAGE	Protection started successfully
2012/10/23 17:22:53 +0200	LIMATUII	andi	MESSAGE	Starting IP protection
2012/10/23 17:22:54 +0200	LIMATUII	andi	MESSAGE	IP Protection started successfully
2012/10/23 17:24:13 +0200	LIMATUII	andi	DETECTION	C:\ProgramData\lsass.exe	Trojan.Delf	QUARANTINE
2012/10/23 17:24:37 +0200	LIMATUII	andi	MESSAGE	Starting database refresh
2012/10/23 17:24:37 +0200	LIMATUII	andi	MESSAGE	Stopping IP protection
2012/10/23 17:24:37 +0200	LIMATUII	andi	MESSAGE	IP Protection stopped successfully
2012/10/23 17:24:39 +0200	LIMATUII	andi	MESSAGE	Database refreshed successfully
2012/10/23 17:24:39 +0200	LIMATUII	andi	MESSAGE	Starting IP protection
2012/10/23 17:24:40 +0200	LIMATUII	andi	MESSAGE	IP Protection started successfully
2012/10/23 17:27:27 +0200	LIMATUII	andi	MESSAGE	Executing scheduled update:  Daily
2012/10/23 17:27:27 +0200	LIMATUII	andi	MESSAGE	Database already up-to-date
2012/10/23 17:29:29 +0200	LIMATUII	andi	DETECTION	C:\Users\andi\AppData\Local\Temp\opera.dll	Trojan.Agent	QUARANTINE
         
I hope I have used everything correctly; if you need anything else, I am happy to provide it.

Thanks and best regards,
Limatu

Edit: Typos. ; /

25.10.2012, 12:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please only put the logs in an attachment (zipped) if they are too large to be posted directly!
Otherwise, please post everything here in CODE tags where possible. That is simpler and clearer, and it saves a lot of clicking around.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

25.10.2012, 13:18   #3
Limatu
 

Hello Cosinus,
since my logs turned out to be quite long, I thought it would be better to zip them. I have now tried to post them, but they do seem to be too long. At least I get the message that I should shorten the text to 120000 characters.

I hope that zipped is fine after all now.
Thanks and best regards,
Limatu

25.10.2012, 13:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please post the logs individually in CODE tags
__________________
Please always post log files in CODE tags

25.10.2012, 13:39   #5
Limatu
 

All right, here is the OTL log

Code:
OTL logfile created on: 23.10.2012 20:01:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 7,24 Gb Available Physical Memory | 60,38% Memory free
23,99 Gb Paging File | 19,34 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 266,76 Gb Free Space | 57,27% Space Free | Partition Type: NTFS
Drive D: | 465,15 Gb Total Space | 58,42 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive F: | 776,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,76 Gb Total Space | 206,14 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,30 Gb Free Space | 34,88% Space Free | Partition Type: FAT32
 
Computer Name: LIMATUII | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.23 17:19:22 | 000,050,477 | ---- | M] () -- C:\Users\andi\Desktop\Defogger.exe
PRC - [2012.10.23 17:18:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.08 19:53:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 17:28:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:28:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012.01.30 19:52:06 | 001,421,312 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\dexpot.exe
PRC - [2011.11.29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.08.02 19:14:12 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2010.11.27 11:04:10 | 001,126,400 | ---- | M] (Tobias Erichsen) -- C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
PRC - [2009.12.22 18:57:40 | 001,150,976 | ---- | M] (AbstractSpoon Software) -- G:\Programme\todolist\ToDoList.exe
PRC - [2009.08.29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\andi\Local Settings\Apps\F.lux\flux.exe
PRC - [2008.01.23 16:27:58 | 000,211,026 | ---- | M] () -- G:\Programme\Caps Lock Changer\caps_lock_changer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.23 17:19:22 | 000,050,477 | ---- | M] () -- C:\Users\andi\Desktop\Defogger.exe
MOD - [2012.06.13 00:34:22 | 017,998,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2be5c267837bce48c2588db1cb45a218\PresentationFramework.ni.dll
MOD - [2012.06.13 00:34:10 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2dc4170e59c6defec194ce1d3b7e9b6e\PresentationCore.ni.dll
MOD - [2012.06.13 00:34:07 | 013,197,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\31649acbb300c306f8359f26e94572a9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 00:34:02 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\874de73de0aefaefe4d1226396d1b0c3\WindowsBase.ni.dll
MOD - [2012.06.13 00:34:00 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3d0c73f63305fa092666e6488634d025\System.Drawing.ni.dll
MOD - [2012.05.13 18:34:38 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a277b0dd5279e1f76d31604b4eeb31f\System.Management.ni.dll
MOD - [2012.05.13 18:32:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7f9313247dd8235f6d4b63672b9ae3ad\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 18:32:33 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\adf79290d55b53d72aaedf49dc0ab05c\System.Xaml.ni.dll
MOD - [2012.05.13 01:09:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\124775115f8585454f2f7470b74a7d8d\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 01:07:02 | 007,052,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0ad566912479454ed9ce37fb09de2715\System.Core.ni.dll
MOD - [2012.05.13 01:07:00 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6e70ff4b74bed30aa8751253ed8aee56\System.Xml.ni.dll
MOD - [2012.05.13 01:06:56 | 009,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5339ecdda252537e37def11dc77c77aa\System.ni.dll
MOD - [2012.05.13 01:06:51 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011.12.14 12:54:22 | 000,115,137 | ---- | M] () -- C:\Users\andi\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2011.11.29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009.12.14 19:37:06 | 000,208,896 | ---- | M] () -- G:\Programme\todolist\RTFContentCtrl.dll
MOD - [2009.12.02 13:44:20 | 000,053,248 | ---- | M] () -- G:\Programme\todolist\OutlookImpExp.dll
MOD - [2009.12.02 13:44:10 | 000,065,536 | ---- | M] () -- G:\Programme\todolist\FMindImportExport.dll
MOD - [2009.12.02 13:43:02 | 000,061,440 | ---- | M] () -- G:\Programme\todolist\MLOImport.dll
MOD - [2009.12.02 13:42:56 | 000,028,672 | ---- | M] () -- G:\Programme\todolist\PlainTextImport.dll
MOD - [2009.12.02 13:42:42 | 000,024,576 | ---- | M] () -- G:\Programme\todolist\iCalImportExport.dll
MOD - [2009.12.02 13:42:36 | 000,069,632 | ---- | M] () -- G:\Programme\todolist\GPExport.dll
MOD - [2009.08.29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\andi\Local Settings\Apps\F.lux\flux.exe
MOD - [2008.01.23 16:27:58 | 000,211,026 | ---- | M] () -- G:\Programme\Caps Lock Changer\caps_lock_changer.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.05 17:41:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.13 11:22:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 16:30:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 10:33:06 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 17:28:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:28:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.31 17:04:42 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.08.02 19:14:12 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.03.25 05:17:22 | 002,784,768 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2010.11.27 11:04:10 | 001,126,400 | ---- | M] (Tobias Erichsen) [Auto | Running] -- C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe -- (rtpMIDIService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.08 17:28:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:28:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 13:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.10.23 18:43:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.05 13:46:36 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2011.10.03 16:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.07.06 17:12:16 | 000,019,800 | ---- | M] (Focusrite Audio Engineering Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\automap.sys -- (automap)
DRV:64bit: - [2011.03.24 22:16:20 | 000,025,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV:64bit: - [2011.03.24 22:14:12 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2010.11.15 11:35:38 | 000,028,160 | ---- | M] (Tobias Erichsen) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys -- (teVirtualMIDI64)
DRV:64bit: - [2010.10.01 22:58:05 | 000,043,072 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ttatmidi.sys -- (TTMIDICHIP)
DRV:64bit: - [2010.10.01 21:23:08 | 000,158,432 | ---- | M] (LOUD Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MackieAudio64.sys -- (MackieAudio)
DRV:64bit: - [2010.08.10 08:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010.08.10 08:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.05 17:41:58 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.05 17:41:54 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.05 17:41:54 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.18 11:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.08.04 14:15:36 | 000,048,200 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.06.26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\synusb64.sys -- (SynUSB64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.01 15:46:08 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH040B.sys -- (SaiH040B)
DRV:64bit: - [2007.05.01 15:46:08 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU040B.sys -- (SaiU040B)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F DA 69 19 26 B1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\andi\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Browser\Mozilla Firefox\components [2012.04.06 11:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Browser\Mozilla Firefox\plugins [2012.09.04 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.25 13:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.09.04 15:58:29 | 000,000,000 | ---D | M]
 
[2010.10.02 16:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions
[2010.10.02 16:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.13 16:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\gmiqs0b3.default\extensions
[2011.06.15 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\s9f4tyf2.default\extensions
[2010.10.01 22:37:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\s9f4tyf2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.17 08:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions
[2012.04.24 22:40:36 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
[2010.10.03 14:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.03 21:32:08 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.03.03 21:32:07 | 000,000,000 | ---D | M] ("2 Pane Bookmarks") -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}
[2011.03.03 21:32:10 | 000,000,000 | ---D | M] (VideoTap) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\flvripper@harsha
[2012.03.27 20:07:00 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\inspector@mozilla.org
[2012.09.17 08:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\staged
[2011.11.07 17:09:26 | 000,010,102 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\amazononclick@martin.schreiber.xpi
[2012.02.23 14:11:32 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\contextMenuExtension@leo.org.xpi
[2012.08.06 20:36:29 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\firebug@software.joehewitt.com.xpi
[2012.08.06 20:36:29 | 000,159,870 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\status4evar@caligonstudios.com.xpi
[2011.12.20 18:02:43 | 000,275,540 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.17 08:58:37 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.02.23 14:11:33 | 000,279,187 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.01.06 21:24:08 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 22:04:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.17 08:58:36 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\status4evar@caligonstudios.com.xpi
[2012.09.17 08:58:37 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.17 08:58:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.09.17 08:58:36 | 000,314,397 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.17 08:58:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\andi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\andi\AppData\LocalLow\raidcall\plugins\webplugin_en.dll
CHR - Extension: Session Manager = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: AdBlock = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Speed Dial 2 = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.2_0\
CHR - Extension: Smooth Gestures = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.13_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKCU..\Run: [F.lux] C:\Users\andi\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\caps_lock_changer.exe - Verknüpfung.lnk = G:\Programme\Caps Lock Changer\caps_lock_changer.exe ()
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToDoList - Verknüpfung.lnk = G:\Programme\todolist\ToDoList.exe (AbstractSpoon Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08095A4E-E811-4B2C-95D7-9053458CD942}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4408DCA-FD57-4760-A957-85F237B7F84B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.27 19:52:29 | 000,000,146 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{50d8fa3e-fd5f-11e0-b836-b8ac6f480875}\Shell - "" = AutoRun
O33 - MountPoints2\{50d8fa3e-fd5f-11e0-b836-b8ac6f480875}\Shell\AutoRun\command - "" = H:\_AUTORUN\AUTORUN.EXE
O33 - MountPoints2\{f6638203-cd64-11df-b7ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6638203-cd64-11df-b7ad-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install_Waves.exe -- [2012.04.02 16:19:51 | 004,450,069 | R--- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\{f6638203-cd64-11df-b7ad-806e6f6e6963}\Shell\Run CD menu\command - "" = F:\Install_Waves.exe -- [2012.04.02 16:19:51 | 004,450,069 | R--- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\_AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 17:25:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andi\Desktop\OTL.exe
[2012.10.23 17:08:04 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Malwarebytes
[2012.10.23 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.23 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.23 17:07:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.23 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.19 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\AudioMulch
[2012.10.13 11:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.13 11:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.10 09:27:07 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 09:27:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 09:27:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 09:27:00 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 09:26:13 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 09:26:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YAMB
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMB
[2012.10.02 11:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Automatic Duck
[2012.10.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\andi\Documents\Adobe Scripts
[2012.09.27 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.27 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.27 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 19:46:14 | 000,001,891 | ---- | M] () -- C:\Users\andi\Desktop\Logs - Verknüpfung.lnk
[2012.10.23 19:44:57 | 000,000,168 | ---- | M] () -- C:\Users\andi\defogger_reenable
[2012.10.23 19:38:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 19:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 19:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001UA.job
[2012.10.23 17:30:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 17:30:39 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 17:24:45 | 000,001,056 | ---- | M] () -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.23 17:23:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 17:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 17:22:08 | 1071,837,182 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 17:19:22 | 000,050,477 | ---- | M] () -- C:\Users\andi\Desktop\Defogger.exe
[2012.10.23 17:18:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\Desktop\OTL.exe
[2012.10.23 17:07:53 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 16:01:13 | 083,023,306 | ---- | M] () -- C:\ProgramData\arepo.pad
[2012.10.22 20:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001Core.job
[2012.10.10 19:24:22 | 000,002,486 | ---- | M] () -- C:\Users\andi\Desktop\Google Chrome.lnk
[2012.10.10 18:44:13 | 000,001,295 | ---- | M] () -- C:\Users\andi\Desktop\content - Verknüpfung.lnk
[2012.10.10 09:16:51 | 005,080,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 16:30:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 16:30:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 00:51:56 | 000,000,957 | ---- | M] () -- C:\Users\andi\Desktop\Yamb.lnk
[2012.10.09 00:15:03 | 000,300,428 | ---- | M] () -- C:\Users\andi\Desktop\2120254 Simone Maurer-Koch.pdf
[2012.10.07 23:16:18 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.07 23:16:18 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.07 23:16:18 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.07 23:16:18 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.07 23:16:18 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 19:46:14 | 000,001,891 | ---- | C] () -- C:\Users\andi\Desktop\Logs - Verknüpfung.lnk
[2012.10.23 19:44:57 | 000,000,168 | ---- | C] () -- C:\Users\andi\defogger_reenable
[2012.10.23 17:25:14 | 000,050,477 | ---- | C] () -- C:\Users\andi\Desktop\Defogger.exe
[2012.10.23 17:24:45 | 000,001,056 | ---- | C] () -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.23 17:07:53 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.23 15:55:38 | 083,023,306 | ---- | C] () -- C:\ProgramData\arepo.pad
[2012.10.10 18:44:13 | 000,001,295 | ---- | C] () -- C:\Users\andi\Desktop\content - Verknüpfung.lnk
[2012.10.09 00:51:56 | 000,000,957 | ---- | C] () -- C:\Users\andi\Desktop\Yamb.lnk
[2012.10.09 00:15:01 | 000,300,428 | ---- | C] () -- C:\Users\andi\Desktop\2120254 Simone Maurer-Koch.pdf
[2012.07.23 13:41:45 | 000,000,081 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MPluginConfiguration.xml
[2012.07.07 14:07:23 | 000,001,734 | ---- | C] () -- C:\Users\andi\.recently-used.xbel
[2012.07.04 09:59:42 | 000,041,993 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MBandPasspresets.xml
[2012.07.04 09:59:42 | 000,013,158 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MOscillatorpresets.xml
[2012.07.04 09:59:42 | 000,006,687 | ---- | C] () -- C:\Users\andi\AppData\Roaming\menvelopepresets.xml
[2012.07.04 09:59:42 | 000,005,622 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.07.04 09:59:42 | 000,004,624 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MGranularPitchSequencespresets.xml
[2012.07.04 09:59:42 | 000,002,820 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2012.07.04 09:59:42 | 000,002,492 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2012.07.04 09:59:42 | 000,001,235 | ---- | C] () -- C:\Users\andi\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2012.07.04 09:59:42 | 000,001,011 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MValueToColor5presets.xml
[2012.07.04 09:59:42 | 000,000,894 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MGranularTransformationspresets.xml
[2012.05.27 13:02:25 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.05.02 13:34:28 | 000,000,051 | ---- | C] () -- C:\Users\andi\.gtkrc-2.0
[2012.04.26 14:45:53 | 000,001,473 | ---- | C] () -- C:\Users\andi\AppData\Local\RecConfig.xml
[2012.03.27 16:44:48 | 000,000,088 | ---- | C] () -- C:\Users\andi\AppData\Roaming\SplineEQ Preferences.dat
[2012.03.06 17:56:42 | 000,001,824 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.01.16 17:49:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.01.16 17:49:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.08 21:08:35 | 000,000,288 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.backup.dm
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.22 11:50:14 | 000,000,507 | ---- | C] () -- C:\Users\andi\Galician
[2011.10.28 01:17:00 | 000,000,001 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_files_preview
[2011.10.28 01:16:55 | 000,000,111 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_opensample
[2011.10.28 01:09:19 | 000,000,087 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_song_s
[2011.10.28 00:38:04 | 000,000,005 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_pateditor
[2011.10.28 00:38:01 | 000,000,001 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_colortheme
[2011.08.09 15:26:04 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011.08.02 19:14:16 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.02 19:14:12 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.02 19:14:12 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.10 12:22:35 | 000,038,922 | ---- | C] () -- C:\Windows\4ORM-DEMO-DX.ini
[2011.03.24 03:07:35 | 017,244,204 | ---- | C] () -- C:\Users\andi\ts3_recording_11_03_24_2_7_33.wav
[2011.03.22 13:38:59 | 000,000,001 | -H-- | C] () -- C:\Windows\mulch200.ini
[2011.02.18 22:44:01 | 000,005,138 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MWaveShaperpresets.xml
[2011.02.18 22:44:01 | 000,003,771 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MRingModulatorpresets.xml
[2011.02.18 22:44:01 | 000,002,775 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MStereoExpanderpresets.xml
[2011.02.18 22:44:01 | 000,002,666 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MVibratopresets.xml
[2011.02.18 22:44:01 | 000,002,366 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MTremolopresets.xml
[2011.02.18 22:44:00 | 000,191,692 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MAnalyzerpresets.xml
[2011.02.18 22:44:00 | 000,013,964 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MFlangerpresets.xml
[2011.02.18 22:44:00 | 000,009,119 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MFreqShifterpresets.xml
[2011.02.18 22:44:00 | 000,007,130 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MEqualizerpresets.xml
[2011.02.18 22:44:00 | 000,006,444 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MCompressorpresets.xml
[2011.02.18 22:44:00 | 000,004,362 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MPhaserpresets.xml
[2011.02.18 22:44:00 | 000,001,907 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MAutopanpresets.xml
[2011.02.18 22:44:00 | 000,001,381 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MLimiterpresets.xml
[2011.01.17 23:22:44 | 000,003,584 | ---- | C] () -- C:\Users\andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 00:13:16 | 000,749,226 | ---- | C] () -- C:\Users\andi\Modes-Seite1.bmp
[2010.12.02 00:12:51 | 000,186,750 | ---- | C] () -- C:\Users\andi\Modes.sla
[2010.11.05 16:39:31 | 000,610,677 | ---- | C] () -- C:\Users\andi\.fonts.cache-1
[2010.10.19 16:20:49 | 000,008,956 | ---- | C] () -- C:\Users\andi\AppData\Local\Temp19.html
[2010.10.19 16:20:33 | 000,000,778 | ---- | C] () -- C:\Users\andi\AppData\Local\Temp1.html
[2010.10.02 02:20:32 | 000,000,092 | ---- | C] () -- C:\Users\andi\AppData\Local\fusioncache.dat
[2010.10.01 23:11:49 | 000,000,114 | ---- | C] () -- C:\ProgramData\.vslscantool_path
[2010.10.01 23:11:49 | 000,000,098 | ---- | C] () -- C:\ProgramData\.vsldaemon_path
 
========== ZeroAccess Check ==========
 
[2012.08.10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Users\andi\AppData\Roaming\Thunderbird\Profiles\e2rct1wy.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 1154 bytes -> C:\Users\andi\AppData\Local\A4YmXxh1nzQyCd:zO7x4VRAs5GTAlZERLdwY5nuk9OB
@Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:5iWe1g3eByWUyKx9Swzvet
@Alternate Data Stream - 1141 bytes -> C:\Users\andi\AppData\Local\eDicRLhE1fGoJ:QmgfuY1ac9elqsEpw7CztYlil
@Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:Puq5k0OFSXn8m5DJp1By1qH9
@Alternate Data Stream - 1081 bytes -> C:\Users\andi\AppData\Local\Temp:Yb5KS5M18fEVrqnpPcrYslq
@Alternate Data Stream - 1080 bytes -> C:\Users\andi\AppData\Local\Temp:D342CMV7XQsIsFO3nh3ealz0
@Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:5fYWLFCYUplmxKNCy
@Alternate Data Stream - 1068 bytes -> C:\Users\andi\AppData\Local\Temp:rSLJYqbiC2ewwtbn4v21wdizW3
@Alternate Data Stream - 1019 bytes -> C:\ProgramData\Microsoft:QII3WIYAXZlFukjgoqNQu5RnI

< End of report >
         
The Malwarebytes Anti-Malware log:
Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
andi :: LIMATUII [Administrator]

Schutz: Aktiviert

23.10.2012 17:29:42
mbam-log-2012-10-23 (17-29-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 885361
Laufzeit: 2 Stunde(n), 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Alt 25.10.2012, 13:41   #6
Limatu
 
Trojan.Delf in "C:\ProgramData\lsass.exe" - Standard

And the Extras logfile:
Code:
OTL Extras logfile created on: 23.10.2012 20:01:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 7,24 Gb Available Physical Memory | 60,38% Memory free
23,99 Gb Paging File | 19,34 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 266,76 Gb Free Space | 57,27% Space Free | Partition Type: NTFS
Drive D: | 465,15 Gb Total Space | 58,42 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive F: | 776,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,76 Gb Total Space | 206,14 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,30 Gb Free Space | 34,88% Space Free | Partition Type: FAT32
 
Computer Name: LIMATUII | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00519D1F-3E94-4A68-8F71-096AA17F0095}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{115633FC-9A8B-4C40-B23E-3EB5AA641D71}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{16533A39-43B6-4F96-821E-C2ECABB90B00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18F48CEF-9C18-4E09-9BF4-0D1D3DB02913}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C4A186F-46BF-480B-8039-60B096FE91B7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1D8B2E6C-E47F-4B20-9C5C-F0999CBA7A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1E1E502C-CAAC-405E-971F-D169AF1E847F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21D98E40-AA4B-45D1-B899-CB80C928CE3E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{38D952BC-AF71-430D-9FD3-3F453B51ACAA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4FFD8DC6-A2C4-4708-9423-61229DF5F02C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50C00EC0-5E52-4A50-AA0B-DDD7BAB9CA23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A089E9F-4DF6-4855-B632-29EB3418B1E1}" = lport=56295 | protocol=17 | dir=in | name=pando media booster | 
"{6592165D-3041-4A54-B305-D0EBBD932D2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B340117-C645-42FE-BD27-5CEE33FBD428}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E64B645-22B7-41DF-9DD1-F69FAF9E6C76}" = rport=139 | protocol=6 | dir=out | app=system | 
"{80290C4F-55B7-4620-A585-AA5CC91CE040}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{84A23465-77A1-4300-B027-0EEB8BBC3CF5}" = lport=56295 | protocol=17 | dir=in | name=pando media booster | 
"{9286C330-C53B-4280-B8DA-284386E7335F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97622DF9-0761-4474-97A5-64D10422E479}" = lport=56295 | protocol=6 | dir=in | name=pando media booster | 
"{A61431DF-8D75-470B-B4E0-BC40C3AC2F4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AA54E879-6EE4-4405-99AF-B4DE42B1B123}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AFA8E610-DA27-49C4-84BF-F09AB115CD7E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B53E4509-1E81-4158-9C8E-4D407B2B1AB0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B84796DC-EE0C-4293-A3FD-6BA72CFF9BDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE216B02-BE74-463D-A577-01D042EA43A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE5AC180-060E-4850-A1C0-0FEF7E2F8DCF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BF83858A-C4B3-4B12-B5F3-9BB2CA9BDBAC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C21214D3-568B-4697-B721-BFCF19E01894}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C9833E44-5E38-401F-BA09-5704E9341709}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA553877-F536-4684-88EB-E085205679B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E4187078-1192-452A-ACC1-5DD396C889A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4E25C6E-7AE4-45EA-BFF0-39D6E8FACA8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E52548B3-B361-44EF-8F2F-CC5D87D25996}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F555653D-8E2B-4160-8066-8C5B9DDBDC5B}" = lport=56295 | protocol=6 | dir=in | name=pando media booster | 
"{F9BC5F8A-BD66-4814-859C-92EC7C8350C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9E18D3D-C808-41B9-A914-2E32CF19ECF7}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104CF4F-634F-44FF-B551-78F99B546406}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{02569D7A-5626-484E-9F6C-DBDF3745388C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{0261138A-E398-46AA-8D08-110E54B2F6F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{0275753B-4B70-4A6E-8B8F-23FBFF596736}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{05134907-6F8C-4AE9-A14D-6CCBCEEBB139}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{06C5BC6A-2C24-4181-A09C-D7E8FB1678D0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{07C41F1F-E692-42C1-9FA4-DF319ECE0F20}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{091F23E4-C23B-48C6-9619-B8934C474D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"{097ECABD-83D7-4CA5-AB9A-D6F6FE8BACD4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0EC8A1D7-DC26-4297-ACCC-09A5EAFC58CC}" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{1024CFC7-A713-4035-BC05-C01CD11A14B2}" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"{106B62AC-7BC4-4340-A2E4-9F5D6853844F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{15A92AB0-F3AE-4A33-9D19-FF96DFA75790}" = protocol=17 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"{168583B0-9D05-4E1B-9DEC-20652BC54396}" = protocol=17 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"{17A2A586-0217-49EC-9DDA-ECFEA95D7521}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1BBD0ED6-7EA9-4E6F-B621-25C8F8A21DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1BF2D7C1-40B5-4E67-A330-230D13151576}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1DEBE5D3-A280-4FDB-86B1-7461E3C3F9AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{20BB5042-958C-4949-99D8-22C17468DCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{21EE659C-0661-4447-93AA-8C28A2943403}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{22FB13D5-A160-4FA4-B651-2CB2D985A736}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{242DDD41-BBF2-471B-9D09-B31335A3BA7D}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{24E1454B-E970-496D-B249-8F9AD778FEDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2770A4D3-6C65-464B-B4BD-8D7457417F7D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{29B397D6-4003-4B1A-8B17-C3FE30AB2E2E}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{29D518F3-8BA4-49D4-82E9-D0F44B4F2352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2B544DAA-46A0-48AC-96D5-94CDD8B1022B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{2B927ADD-68F3-426B-A51A-39568EA40318}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{2E1F86A8-0BD9-420C-9A59-44E00A2CE99B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E673550-4128-424A-8EAC-B459BCF34748}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{2EA3CB4B-F0F1-4695-8FCD-3F83AD76BE22}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\launcher.patch.exe | 
"{306648E3-5E20-4109-AAEF-A954E79542AA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{318E00C1-C9FE-473D-8061-0EBAAA3360B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{320DB64D-2562-4932-A28D-E8D10CCC34E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{32408159-92AD-472E-AEDC-974C2FE1F8C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{33149C40-5616-409F-B161-48B51F0C6B4C}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{33203BE1-6EEA-4967-BBCC-9122B8C76219}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{353FBAE6-88A4-48FB-8780-8A8EA3D015DA}" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"{3BB86562-9CA9-4F65-9176-2A69C3D1D4B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C3353C7-AE3D-4F1C-8626-AE23B6F82897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D684743-B4C2-40F8-B5B6-42E47598AD27}" = protocol=17 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"{40699997-FD47-49AC-B43C-160DAC68568E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42A60764-546E-410C-9FFF-FFEFACE78B8D}" = protocol=6 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"{446B8C12-1FD6-43F4-92DD-73D95CC2F35B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{453A0CEE-AF28-48FB-AB21-33AB30F56156}" = protocol=17 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"{474A1201-CEF5-46AB-90FF-2BC421B24726}" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"{498F224F-5EFD-4523-A4D1-459A3C707931}" = protocol=17 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"{5301EB8C-389E-46B5-8A82-2FC632088AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{543D3772-FCAA-44AE-9D68-C64B1D30AFF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5568F62C-9254-4FD8-A2D9-D7B0CA9BB0F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{58147284-649A-4856-9517-F6BB3B38F3AE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{58AD5B7E-C186-44DD-A8A8-60F2A2503EBD}" = protocol=6 | dir=in | app=g:\spiele\dragon age\daoriginslauncher.exe | 
"{5C40D7FC-E875-4914-A4C6-5402D4ABF741}" = protocol=6 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"{5D5E0A64-756B-41D5-ABFA-1E36320C33DC}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{5D6A9DC7-C17B-4969-B380-C5652394B9AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{5E398A89-B92F-45E8-AB7A-E25C410E6440}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{63DA849E-112F-47FB-B7D0-AF78D6EC8742}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{655B1082-8E32-44E5-8B55-514D84C9E105}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{65FD817B-0AFD-40C8-A3F7-22C0362A9E3D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{67EDA2DB-EC83-49D4-B15B-FCAB592F9ABD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A88F3D3-AE02-44FA-9489-EFCEF66A7A53}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{6BBE4C0A-850F-4866-95B2-624AA8C12B68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FEB6C07-E923-410D-882D-C1CC509408F9}" = protocol=6 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"{70910855-9A5C-4439-90E8-A6E283F36366}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{7507CC90-2751-4770-89D4-F41A82B544D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75E649F2-F968-4275-B5DA-9D284FE64235}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{768DA5D6-378D-4D1A-B464-CF4D77AB87C6}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"{78E79913-753C-46E3-8155-669CC0E731A5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{79443084-ADB3-4C8F-86B2-399F898D9360}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A22D288-F722-4780-936F-B1DB2AA195A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7D5FE493-1A86-4A4A-B686-19F0825C086F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81923FD3-691F-46AE-96FE-0A0C0F926585}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\launcher.exe | 
"{834C366E-5ACD-4C80-9472-4E382B1FC335}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{84F0C925-5ACA-4CB7-97E7-3FC146DB052E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{87DE59AF-905C-4F09-B813-49DAF06F3686}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{92F82202-FE37-4FB2-A318-3CC8D72F2870}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{955E6C57-6AE8-4A7E-A627-1CEFFD53586E}" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{95D2BD0E-70E3-476C-831A-CEA523F99912}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{9873E61D-BF91-4398-B79B-9D3CCE4D6455}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{999142A6-3E08-4C15-A4FC-E03FD5073EB3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9B8188AE-80C0-4397-AB7C-12340A469581}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9E378F41-88AD-48E0-8CB7-356B3136C5CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A35635C3-DA78-4919-88C4-3ACEE0745B52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3D4BD62-2E32-47B5-86A2-49F61BA976D6}" = protocol=17 | dir=in | app=g:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A57DEB50-99D7-4983-A1AD-2965AC1981BC}" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"{AA5AF31E-94C8-489F-BAB8-99ED416159E3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{ACAAA1B8-D72D-4BC0-8F4D-45AA2FC3AAA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{ADA2FC9D-6567-4BCF-A1CD-DB23248D8A68}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF2866D3-7E62-4AAE-8A5A-AD755756D7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"{AF8E68BF-31D7-465D-9F7B-D518BCDE69BF}" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"{B0089A06-0FC7-483E-9D25-80B57B058BB1}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{B0D94B9E-D1A3-49A7-B26D-BE2BC70F19B9}" = protocol=17 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"{B1161120-3BE0-4D85-8F97-924FD774C5B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{B863FB8C-0F1D-431B-A5A3-CFF45C5E8503}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BDD23699-0B08-4B0F-B39F-E194882487E2}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"{BF091B5F-6490-4456-93A7-3B559734908A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C381B82A-DB89-423A-A67A-97D26D76BF1C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C3CF2161-574B-4CBA-AF9E-586E0DBE8DFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{C497D22C-81C0-49C2-9789-AC379F0BD9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"{C507394B-C162-4070-9819-1179B478AA07}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\launcher.patch.exe | 
"{CB7693A6-30D8-473A-970D-C8FEFD2005FE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{CD78B4B0-DCB4-4A8A-BFF2-94D4DA49F23E}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{CFAA9A35-7043-4F8C-94B6-22F6B49D7702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D02706E6-E35B-4891-B8C2-561A41F630E0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{D06F223F-F6D6-4E41-9A42-5E58F627B320}" = protocol=6 | dir=out | app=system | 
"{D10AE5FD-6ECD-4792-844C-E55FCCD337F8}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{D36FCFE7-850D-4B66-9E04-7AC54CE175FD}" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"{D48AC1DA-2F03-485A-B780-3CB0C9CA2FFB}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\launcher.exe | 
"{D55D1871-FFAE-412A-9D3F-5762B46C6A36}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D8314EED-0397-4E0C-84AE-B149614AF476}" = protocol=6 | dir=in | app=g:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{D8BB7AAB-5702-471C-B6C4-2ED7520E49B2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{D9ED6927-111B-49A5-865A-2B60E7CC84D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA427389-67D6-44A9-A0BD-E3C0368FEA39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{DBD25050-D9C6-4D0D-B8E6-BF50FFBD5184}" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"{DCDA2C48-A78B-44FB-B090-4A0E2DA34E16}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{DDCAB741-9371-4942-A3D7-1008AB22825F}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"{DDF5EE21-B10F-4885-AA93-E17FE39102A1}" = protocol=6 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"{DE0F355B-D24E-461C-81E4-81A42A65F0A3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E0294EDA-5A06-4CFC-A29D-8BBABC0AC7B3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E3B4F17C-ECEA-44B1-87F8-C2CDCC838B68}" = protocol=17 | dir=in | app=g:\spiele\dragon age\daoriginslauncher.exe | 
"{E506CCAE-4AE7-4770-B370-3436741A1461}" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"{EB28C41E-368B-4AA1-8499-F71B76DC2C3B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{EE7A7C91-BDF0-481B-88A8-771046B94DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{F1A249DF-9714-4EA3-A028-5835F328E816}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2D9217B-7321-4D84-921F-05EDDE7159F7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{F5198846-ADF9-43EF-8B5E-582F738D091C}" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"{F5AD0FC0-073D-4671-9D2E-66CA5660133D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F8C781A7-4F3D-43C3-B163-9CFEFD0D00EE}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{FD2D3748-F8C5-4B23-8D27-11DE63BD245E}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FD560388-EDD5-4889-8C67-3096F2296A40}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{FDA77B1F-7B60-47F3-921C-E3F85AA5A9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"{FDB5F3A8-7095-40D8-98CC-F301C194A3D2}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"{FE04700A-DDA2-480D-9408-31C0439E978F}" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"{FE601A38-B25B-4071-ABC2-F7BF6E74AD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FF8DE50F-3B04-4AC5-94F3-3028D9EBEF25}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{0A6B471D-CA89-4571-AA0A-CD1277C906A4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{1053968D-1850-44F7-B6AE-AF4B803C9ADD}G:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{192F0673-C4C1-4B4E-B3F6-CF8A257064C7}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | 
"TCP Query User{1AACCDF7-B271-4797-A25D-C54F25CDFECD}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | 
"TCP Query User{1CF4208A-F19D-45ED-A807-880E718A2A1F}G:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{2FD19F1F-EC23-4BB7-8E0A-B86B8CDC6F37}G:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{3D1288EF-3BA7-49AE-AED1-5F8EF2C8B28A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3E3F71FB-3849-4317-8681-8D590CBDC355}C:\program files (x86)\titanium studio\titaniumstudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"TCP Query User{3E8340A3-0D3F-4D98-ACE8-FF728E55F10B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{3F8B992C-409B-4DC3-B296-4AF3EF2E8258}G:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{4156993C-B349-42EE-AB7A-9F7A04AF051C}C:\program files (x86)\browser\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\firefox.exe | 
"TCP Query User{43D4D33F-6635-4B19-9C79-063E34DA52A6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{451663A4-5C73-4AD2-9187-25F13A0F8455}C:\program files (x86)\resolume arena 4.0.1\arena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"TCP Query User{46266D2B-93C8-4E4B-AD15-CA6DB1AC3B01}C:\program files\autodesk\maya2012\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"TCP Query User{570291F4-02E7-400F-90CF-B21BD771F624}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"TCP Query User{67CF12DB-BC0D-4AE0-BBED-BA5486488E4B}C:\program files (x86)\supercollider\supercollider.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"TCP Query User{68854F91-657C-4D58-9C41-C4A813B83BEE}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{6B61D72C-CC47-4FD6-8C4D-FB72582506D7}G:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{7F892D91-253D-44B6-8434-330A9A1489F8}C:\program files (x86)\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steinberg\cubase 5\cubase5.exe | 
"TCP Query User{808D57F8-5728-4390-B795-4C0A73E10825}G:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{85571439-433A-43EA-B5A9-61FAEBD00A9C}C:\users\andi\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{87C8C450-16B5-41B9-B945-EAC69D22B6D5}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe | 
"TCP Query User{8A8ABD29-4890-4FAC-8101-0882347899A2}G:\spiele\s2g\s25client.exe" = protocol=6 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"TCP Query User{8C2ECF2C-02D3-4F31-B710-F1053D1C1B5A}G:\programme\pd\bin\pd.exe" = protocol=6 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"TCP Query User{8D8C7FF8-A0CE-46C2-899A-80764B90FA6B}C:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"TCP Query User{8EA3E7D1-EB69-4831-89A4-11FC0FBE4D57}G:\spiele\lotro\lotroclient.exe" = protocol=6 | dir=in | app=g:\spiele\lotro\lotroclient.exe | 
"TCP Query User{968E1D23-ED12-458B-866D-5F07B55664DD}C:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"TCP Query User{982FF87E-52E0-461D-A714-82B78658DD7E}G:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{A0FF5AA6-F45A-4E38-91E4-94736244F898}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"TCP Query User{A477D3EF-C82A-4AEC-9EB2-1B0F4AC17C1C}G:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{A5379AD3-3EF0-4A5A-892F-ACF297137EF9}G:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{AF25638B-BFCF-406F-8F60-FFEA94BF5CCB}G:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe | 
"TCP Query User{B2E9525D-A8E8-4851-9155-CDEF58B07523}C:\program files (x86)\mediacoder\mediacoder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediacoder\mediacoder.exe | 
"TCP Query User{B4C3AC87-95A6-40E5-A1BC-2E8B213D920B}G:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe | 
"TCP Query User{BB964709-B58E-4354-B48D-F30BD6CDAAD7}C:\users\andi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{C9B0EAF5-5B73-4069-921B-0F5FA5BE2D36}G:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{D39C2A1C-A0BC-4BFC-B19B-D6D63D93E2B4}G:\spiele\wow 3.3\blizzard downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\blizzard downloader.exe | 
"TCP Query User{D55910BD-7625-495C-9773-B6B195F6DB98}C:\program files (x86)\llcon\llcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"TCP Query User{E118D66C-0AB3-4057-B820-545C9A06CD79}C:\program files (x86)\browser\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\plugin-container.exe | 
"TCP Query User{E47FCD71-9223-4430-920B-AB44DA3688D2}C:\program files (x86)\supercollider\scsynth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"TCP Query User{EF34D796-DCBD-49BC-B66A-EE090C942778}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"TCP Query User{F2B2F985-C67D-450F-B525-4080CEE9F241}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe | 
"TCP Query User{F31FE3B8-E641-49C0-A823-4464B3470DD0}G:\spiele\wow 3.3\backgrounddownloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\backgrounddownloader.exe | 
"TCP Query User{F41C7209-4D8B-41BD-B9A1-DF288BBFC80B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{FB11C145-470A-4BE1-A96F-DB93EB455DAD}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{013AF885-B279-48B1-8C26-9D501B47A08A}C:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"UDP Query User{06654836-D8F8-4850-BD52-0F02534A7D05}G:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe | 
"UDP Query User{070FC759-1778-49B7-8E4A-F4D14879BBBC}G:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{1431537B-DA4A-46DA-B318-A0B02AE6121E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{155BC496-EA88-4B52-B345-0904753C2D6E}G:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe | 
"UDP Query User{2344C94C-DF58-4188-A9FD-A4026A825FDD}C:\users\andi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{3699BF9A-2EED-4A02-B0BA-CFAFD90D71AC}G:\spiele\lotro\lotroclient.exe" = protocol=17 | dir=in | app=g:\spiele\lotro\lotroclient.exe | 
"UDP Query User{384462A1-79DB-4B6E-8304-6926090367C9}G:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{45990B92-AD3B-447A-B89F-56ADAC9DC9B2}C:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"UDP Query User{4872CFFB-B5BE-4F98-85F6-BE5CAF03CE8C}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{53FA5F3C-A357-401B-9DC0-8FB199E6DFFE}C:\program files (x86)\browser\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\plugin-container.exe | 
"UDP Query User{59251942-1738-4269-A0D1-260CFAB6485C}G:\spiele\s2g\s25client.exe" = protocol=17 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"UDP Query User{59A385FC-BC17-457E-8720-B095A18DDBD3}C:\program files (x86)\supercollider\scsynth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"UDP Query User{63937EB9-38E7-4709-86F0-C5CFB9756D34}C:\program files (x86)\browser\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\firefox.exe | 
"UDP Query User{6B824D05-C1D9-4AF4-9D71-1EF3994DD895}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | 
"UDP Query User{6D29F3F4-C186-44B6-9376-8F06CE17F966}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"UDP Query User{6F3AACBC-7EEA-4ADA-8784-E22125827108}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{79E2917A-FABE-4D32-938B-D630459E65A5}C:\program files (x86)\supercollider\supercollider.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"UDP Query User{853A1501-5322-4A7A-B80A-81C0F1A79773}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe | 
"UDP Query User{85DC5074-328F-43F9-9005-ADF347CB614E}C:\program files (x86)\resolume arena 4.0.1\arena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"UDP Query User{9A3B9B49-2B10-4545-A370-83135010C783}C:\program files (x86)\llcon\llcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"UDP Query User{9A9375AF-F579-4BB6-B75C-7819B7881A9A}G:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{9CD544A6-D923-44C0-9E7A-5005E0F00983}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"UDP Query User{A3338740-8954-4FC8-AB67-19A2F85DF0C0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B59B08E0-E98C-4532-A91B-1F4A366E1ED2}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"UDP Query User{B94BA4C2-09C0-4A4C-955D-5D5B6911AA42}C:\program files\autodesk\maya2012\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"UDP Query User{BAACBAF5-F222-4CC3-B93E-0FA0A1FCB131}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BDF1D948-3CDA-41C2-B71F-459A3929ED87}C:\program files (x86)\mediacoder\mediacoder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediacoder\mediacoder.exe | 
"UDP Query User{C0BE6BF9-12F1-4A18-BE49-C5995F937BFE}G:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{CB905EBE-56D8-4D9B-956C-95DF39D5CADA}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe | 
"UDP Query User{CC0BE077-C201-405A-A5A8-B7CBBA764EA9}G:\spiele\wow 3.3\blizzard downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\blizzard downloader.exe | 
"UDP Query User{CC363F5A-A986-4BBA-AB7E-CBD52704C71A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{CE212E79-6818-4702-93DA-F7CAFC491CB3}C:\program files (x86)\titanium studio\titaniumstudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"UDP Query User{D306600A-BF36-4B3B-A965-2F0745BFCFA9}G:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{D3EFC400-BFD0-49AB-835A-6D3AC45738FA}G:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{D502ABA0-89FC-4AE6-BFA4-AC8D9896FB10}G:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{DD1DD994-3D6C-4E94-9A3B-A8BC8ED5EE1C}G:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{E28DBE2B-00B5-48F9-986D-485A43A6F1AC}G:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{E7849150-ACD1-47F7-A74F-D03FB15F0494}G:\programme\pd\bin\pd.exe" = protocol=17 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"UDP Query User{EC1A4C86-84B0-4538-9663-36CDABCD5587}G:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{F13ACA2C-1519-4F22-98D3-5B00C12C2EDD}C:\users\andi\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{F2FF2D8C-90C4-4974-A7CB-D9151EEC81E5}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{F3B40540-80A2-4409-81FF-837216DC0670}C:\program files (x86)\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steinberg\cubase 5\cubase5.exe | 
"UDP Query User{F45B8F6E-EF71-43A2-B2DE-BC2F49AF5086}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | 
"UDP Query User{F66458FD-8CC6-4036-A2B7-0A804C0CA516}G:\spiele\wow 3.3\backgrounddownloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1DAF5307-E4E2-41F2-9903-863102C84A77}" = Native Instruments Skanner
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5962F0C0-4719-1E0F-BCBA-3C2AF06C239C}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6438691E-D44E-4A18-B6C4-D1EB26281D6A}" = Native Instruments Mikro Prism
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69B583CE-463B-4B61-AEF6-C0166045A9EA}" = Blue Cat's Gain Suite VST-x64 3.01
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8A9065DA-0293-41DA-A349-16E1A2605F64}" = Steinberg Cubase 5 64bit
"{8BE6BF06-8557-11DF-8EEF-13B3DFD72085}_is1" = Zen 1.6.6
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9BA2F491-A10D-4266-905B-61C549B35D97}_is1" = 4U Goniometer & Korrelator Version 1.0.2
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC07B5F9-BF11-4221-9E85-87A6F33BCBB3}" = Steinberg VST Classics 2 64bit
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B307C60F-2DF4-8AA9-4215-6352F105F10B}" = ccc-utility64
"{B653153C-B4C7-45D0-B2EE-037A9F635FB0}" = Yamaha USB-MIDI Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1FB650C-FE43-84D6-942F-33767F4A90B8}" = AMD AVIVO64 Codecs
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC045263-336D-4915-9170-E9A9AE1F2ADB}_is1" = 4U Meter, Fader & MS-Pan Version 1.0.2
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"48DA9D7CD0A60ABE8FAF9B0BD6C99935B024BEA7" = Windows-Treiberpaket - LOUD Technologies Inc. (MackieAudio) MEDIA  (12/15/2009 1.7.0.1)
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 1.0.0.31 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.3
"REAPER" = REAPER (x64)
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"SP6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB_AUDIO_DEusb-audio.deTTATMIDI" = MIDI USB driver
"Vienna Instruments_is1" = Vienna Instruments 4.1
"WhoCrashed_is1" = WhoCrashed 2.10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0191D1AE-DB97-A3CB-9E50-61AC6D829760}" = CCC Help Spanish
"{02EBDD2F-58B6-D059-9889-1DA39B4E4BA6}" = CCC Help Swedish
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}" = Adobe Creative Suite 6 Production Premium
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
"{053C7D32-3566-452B-9A37-D42B4F4C5379}" = WaveAgent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{106F9A11-6D38-4FDF-9A0A-BD6461C459F8}_is1" = TrainYourEars EQ Edition version 1.0
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1D111953-3C70-48E3-BB62-B669C724585C}" = Steinberg CC121 Extension 64bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216A560D-EE1D-553F-A512-FB3E48C066AB}" = CCC Help Dutch
"{237AE7F6-5BE0-06C0-1C5D-3F15B17836E6}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2C60BF08-3604-95BE-4E2C-2B253A1FF05F}" = CCC Help Russian
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A32F81-9779-8091-2AC6-251A99797F83}" = CCC Help Portuguese
"{36C0C3FC-6B7E-467A-81DB-6E4532B44374}" = Catalyst Control Center - Branding
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{405ACF62-2C40-956B-ED88-9BDBB8E7E6AB}" = CCC Help Japanese
"{42EB63A2-8D42-F70C-B7F7-A821CF4C4CBA}" = Catalyst Control Center Core Implementation
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5755EBD2-BCB8-8C9F-B5F6-F8C7E3F4D772}" = CCC Help Greek
"{599D5FDA-304B-B6F9-7109-D14D98D0AEF8}" = CCC Help Finnish
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 2
"{6632608D-DE22-000A-AF96-A3426B2F1AC5}" = Catalyst Control Center Localization All
"{68544F92-4A85-48F2-9997-40E02EFB2305}" = eJammingAUDiiO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B4BE918-CA10-4CB4-AA34-295379CA4E5A}" = VSTPlayer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7242AD09-AE6B-7B45-DE28-69CFD54B6AC6}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D766DC-C79D-11DD-9A42-A17956D89593}" = SuperCollider
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B10D7BF-02B7-F510-EA11-92733B1AA947}" = CCC Help Norwegian
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81BBE880-5409-11E1-BF7F-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8CA1C3B5-BEF7-CA11-5465-264361B86A9C}" = ccc-core-static
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r5
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93249DC5-F4BC-4AF7-B4BF-E52927302B5E}" = AKME FFmpeg 0.7.9
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B7602DF-4A71-77E3-B714-834D3B377981}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D217983-0D17-6DF9-6004-BE7370F4CAF7}" = Catalyst Control Center Graphics Previews Vista
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.6
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC6199F7-4411-09B7-2E14-8A8829ABEA46}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFB51B96-BBED-3BCD-2910-FCF8E692FA2D}" = CCC Help Hungarian
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{C2F545C0-6FE6-E4D4-2B08-F48200467799}" = CCC Help Chinese Standard
"{C5B5A5FE-875C-0C7A-0AF6-B5096176F4DE}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8327D1-8F9E-E9C8-C42A-33F45DF06FD3}" = CCC Help Polish
"{CC89DAB5-10F6-9C2D-AA56-0AA5213BA000}" = CCC Help Italian
"{CD2FE3BE-784C-0967-A63A-C4C5E1EA04A3}" = CCC Help Korean
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2019967-5858-364E-6269-F85FD2C9D16E}" = CCC Help Turkish
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5242CDB-8BD8-61EB-3CA3-DB87C4B4F2B3}" = Catalyst Control Center Graphics Previews Common
"{D73D0110-3C7C-BF4F-0904-6779B327C343}" = CCC Help Czech
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E00AD25B-8D96-BE0A-BC90-318098FE0684}" = CCC Help French
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4480875-3E39-B8F5-4AEC-F19F2BF6AE0D}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7463B84-E3FB-5659-D75E-BB0A311E4871}" = CCC Help Danish
"{EBAEEE00-5412-11E1-B144-001676AB6D60}" = MSVCRT Redists
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEB52713-AEED-2462-CDD4-AE42CCB3AD23}" = CCC Help German
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F88116EE-FFA7-D0C9-553C-AF5C5684A966}" = Catalyst Control Center Graphics Full New
"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts
"{FD937297-84C3-41A5-B5DF-1FAEEE669D68}" = rtpMIDI
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6140-2535-4985-4395" = Impro-Visor 5.08
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"AudioMulch Interactive Music Studio_is1" = AudioMulch Interactive Music Studio 2.1.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BloXpander Demo" = BloXpander Demo 1.3.0
"Camel Audio Alchemy64" = Camel Audio Alchemy64
"Cantabile 2.0 Lite" = Cantabile 2.0 Lite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DarkWave Studio" = DarkWave Studio 3.3.2
"Death Rally" = Death Rally for Windows
"Diablo III" = Diablo III
"DVD Flick_is1" = DVD Flick 1.3.0.7
"eLicenser Control" = eLicenser Control
"FBackup 4_is1" = FBackup 4
"FileZilla Client" = FileZilla Client 3.5.0
"Filtrate LE" = Filtrate LE 1.004
"FLAC" = FLAC 1.2.1b (remove only)
"FMOD Designer" = FMOD Designer
"FMOD Sandbox" = FMOD Sandbox (remove only)
"FreeFileSync" = FreeFileSync 5.6
"GNU Solfege_is1" = GNU Solfege 3.20.6.1
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Heroes of Might and Magic II Gold" = Heroes II Gold
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}" = WaveAgent
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iZotope Nectar_is1" = iZotope Nectar
"LenMus" = lenmus v4.2.2
"Live 8.0.9" = Live 8.0.9
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaCoder" = MediaCoder 2011
"MeldaProduction Free VST Effects" = MeldaProduction Free VST Effects
"MeldaProduction MFreeEffectsBundle64 6" = MeldaProduction MFreeEffectsBundle64 6
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Mikro Prism" = Native Instruments Mikro Prism
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Skanner" = Native Instruments Skanner
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"Opera 12.02.1578" = Opera 12.02
"Pencil" = Pencil
"PriMus Free_is1" = PriMus Free 1.1 (Build 10152)
"PSP PianoVerb 1.7.1 64bit" = PSP PianoVerb 1.7.1 64bit
"PunkBusterSvc" = PunkBuster Services
"Raidcall" = Raidcall
"ReaPlugs" = ReaPlugs
"Registry Repair" = Registry Repair 4.1.0.388
"Resolume Arena 4.0.1_is1" = Resolume Arena 4.0.1
"Reverberate LE" = Reverberate LE 1.007
"RSSOwl" = RSSOwl
"Saitek Dual Analog Rumble Pad" = Saitek Dual Analog Rumble Pad
"Screen Capturer Recorder_is1" = Screen Capturer Recorder uninstall
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"shortcircuit" = shortcircuit
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 28050" = Deus Ex: Human Revolution
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Titanium Studio" = Titanium Studio
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unity" = Unity
"uTorrent" = µTorrent
"virtual audio capture grabber device_is1" = virtual audio capture grabber device uninstall
"VLC media player" = VLC media player 1.1.5
"Wild Tangent - Fate" = Wild Tangent - Fate
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"World of Warcraft" = World of Warcraft
"YAMB" = YAMB
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Flux" = F.lux
"Free Alpha 3" = Free Alpha 3
"Google Chrome" = Google Chrome
"Torpedo PI-FREE" = Torpedo PI-FREE 1.0.12
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.10.2012 02:03:48 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.10.2012 02:54:43 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\wlc.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 02:54:49 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\GTRSolo 3.5.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 02:54:49 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\GTR 3.5.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 05:00:08 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\wlc.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 06:27:04 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Bridge.exe, Version: 5.0.1.21, Zeitstempel:
 0x50226378  Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9551, Zeitstempel:
 0x4b68f993  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000001c53  ID des fehlerhaften
 Prozesses: 0x1ba0  Startzeit der fehlerhaften Anwendung: 0x01cd9fbef4597570  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll  Berichtskennung: 8a9ecd92-0bb2-11e2-a9f3-b8ac6f480875
 
Error - 01.10.2012 12:01:51 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.0.602, 
Zeitstempel: 0x4c061a50  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace4e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001e401
ID
 des fehlerhaften Prozesses: 0x1f6c  Startzeit der fehlerhaften Anwendung: 0x01cd9fede951db61
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Berichtskennung:
 4f6acce1-0be1-11e2-a9f3-b8ac6f480875
 
Error - 01.10.2012 15:18:28 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2012 03:17:08 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2012 04:11:01 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AfterFX.exe, Version: 11.0.1.12, 
Zeitstempel: 0x4fab6f50  Name des fehlerhaften Moduls: AfterFXLib.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4fab92e1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000004ad0a7
ID
 des fehlerhaften Prozesses: 0xe74  Startzeit der fehlerhaften Anwendung: 0x01cda07163861b7c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe After Effects CS6\Support
 Files\AfterFX.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Adobe\Adobe After
 Effects CS6\Support Files\AfterFXLib.dll  Berichtskennung: b3f4d39e-0c68-11e2-9401-b8ac6f480875
 
[ System Events ]
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  VBoxDrv  VBoxUSBMon
Wanarpv6
WfpLwf
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = DCOM | ID = 10005
Description = 
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
Kind regards,
Limatu

Alt 25.10.2012, 14:54   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a log with CF

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Alt 25.10.2012, 23:54   #8
Limatu
 

Here is the Combofix log as well:
Code:
ATTFilter
ComboFix 12-10-25.01 - andi 25.10.2012  17:14:08.1.8 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.43.1031.18.12286.10208 [GMT 2:00]
ausgeführt von:: c:\users\andi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\arepo.pad
c:\users\andi\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-25 bis 2012-10-25  ))))))))))))))))))))))))))))))
.
.
2012-10-25 15:26 . 2012-10-25 15:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-23 15:08 . 2012-10-23 15:08	--------	d-----w-	c:\users\andi\AppData\Roaming\Malwarebytes
2012-10-23 15:07 . 2012-10-23 15:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-23 15:07 . 2012-10-23 15:07	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-23 15:07 . 2012-09-29 17:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-19 09:17 . 2012-10-19 09:17	--------	d-----w-	c:\users\andi\AppData\Roaming\AudioMulch
2012-10-13 09:22 . 2012-10-13 09:23	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-10-10 07:27 . 2012-08-30 18:11	5505904	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 07:27 . 2012-08-30 17:18	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 07:27 . 2012-08-30 17:18	3902832	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 07:27 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 07:27 . 2012-08-24 17:10	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 07:26 . 2012-09-14 19:23	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 07:26 . 2012-09-14 18:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 07:26 . 2012-08-11 00:53	714752	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 07:26 . 2012-08-10 23:54	541184	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 07:26 . 2012-06-02 05:25	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 07:26 . 2012-06-02 05:25	1462784	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 07:26 . 2012-06-02 05:25	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 07:26 . 2012-06-02 04:45	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:26 . 2012-06-02 04:45	1157632	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 07:26 . 2012-06-02 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-08 22:51 . 2012-10-08 22:52	--------	d-----w-	c:\program files (x86)\YAMB
2012-10-02 09:25 . 2012-10-02 09:25	--------	d-----w-	c:\programdata\Automatic Duck
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 21:26 . 2010-10-01 23:43	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 14:30 . 2012-04-05 23:58	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 14:30 . 2011-05-16 07:35	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-22 22:09	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 22:09	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 22:09	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 22:09	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 22:09	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 22:09	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 22:09	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 22:09	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 22:09	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 22:09	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 22:09	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 22:09	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 22:09	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 22:09	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 22:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 22:09	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 22:09	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 22:09	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 22:09	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 22:09	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 22:09	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 22:09	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-01-30 1421312]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"F.lux"="c:\users\andi\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
.
c:\users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
caps_lock_changer.exe - Verknüpfung.lnk - g:\programme\Caps Lock Changer\caps_lock_changer.exe [2010-10-16 211026]
Dropbox.lnk - c:\users\andi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
ToDoList - Verknüpfung.lnk - g:\programme\todolist\ToDoList.exe [2010-10-2 1150976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 automap;Automap MIDI Driver;c:\windows\system32\DRIVERS\automap.sys [2011-07-06 19800]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;g:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-11-24 98616]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-31 1431888]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 136176]
R3 MackieAudio;Mackie Audio Driver;c:\windows\system32\DRIVERS\MackieAudio64.sys [2010-10-01 158432]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-11-24 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TTMIDICHIP;Terratec MIDI-CHIP driver service;c:\windows\system32\drivers\ttatmidi.sys [2010-10-01 43072]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1255736]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2009-08-04 48200]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 270912]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-05 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-03-25 2784768]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-05 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-05 186880]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2011-03-24 25720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080]
S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2009-06-26 30352]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [2010-11-15 28160]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 165680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:30]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 07:36]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 07:36]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001Core.job
- c:\users\andi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 20:14]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001UA.job
- c:\users\andi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 20:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\andi\AppData\Roaming\Mozilla\Firefox\Profiles\zcddboys.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-MeldaProduction MFreeEffectsBundle64 6 - c:\program files\VstPlugins\MeldaProduction\MFreeEffectsBundle64 6\setup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-Steam App 28050 - c:\program files (x86)\Steam\steam.exe
AddRemove-Wild Tangent - Fate - g:\spiele\Fate1\Uninstal.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{9999A076-A9E2-4C99-8A2B-632FC9429223}"=hex:51,66,7a,6c,4c,1d,38,12,18,a3,8a,
   9d,d0,e7,f7,09,f5,3d,20,6f,cc,1c,d6,37
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,d0,c6,0a,ed,8d,cd,01
.
[HKEY_USERS\S-1-5-21-3536413052-1497961762-845648814-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,69,91,b9,6f,c9,67,f9,ea,1d,1e,9e,b5,02,86,bf,62,58,34,fb,48,05,71,
   fe,95,ad,d0,d1,28,f1,49,7b,f8,04,74,13,c1,e3,2e,5b,bf,a1,14,10,e1,61,73,53,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3536413052-1497961762-845648814-1001\Software\SecuROM\License information*]
"datasecu"=hex:3a,29,de,63,b5,e4,43,09,6c,3a,44,85,35,3b,0d,e2,30,95,b0,39,5b,
   e5,3e,ee,9b,8b,60,9f,19,cc,4a,e0,32,3a,54,84,a9,07,6f,c6,e6,a5,e5,5f,fe,e0,\
"rkeysecu"=hex:39,42,eb,11,ef,55,53,34,b5,b8,49,36,42,99,51,5a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-26  00:50:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-25 22:50
.
Vor Suchlauf: 10 Verzeichnis(se), 285.294.120.960 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 338.253.701.120 Bytes frei
.
- - End Of File - - 62864617078D3D846204588E5B6D7A76
         
Best regards,
Limatu

Alt 26.10.2012, 13:12   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents and paste them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

Alt 26.10.2012, 14:21   #10
Limatu
 

Hello,
here is the requested log from TDSS Killer:

Code:
15:16:41.0867 4692  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:16:42.0134 4692  ============================================================
15:16:42.0134 4692  Current date / time: 2012/10/26 15:16:42.0134
15:16:42.0134 4692  SystemInfo:
15:16:42.0134 4692  
15:16:42.0134 4692  OS Version: 6.1.7600 ServicePack: 0.0
15:16:42.0134 4692  Product type: Workstation
15:16:42.0134 4692  ComputerName: LIMATUII
15:16:42.0134 4692  UserName: andi
15:16:42.0134 4692  Windows directory: C:\Windows
15:16:42.0134 4692  System windows directory: C:\Windows
15:16:42.0134 4692  Running under WOW64
15:16:42.0134 4692  Processor architecture: Intel x64
15:16:42.0134 4692  Number of processors: 8
15:16:42.0134 4692  Page size: 0x1000
15:16:42.0134 4692  Boot type: Normal boot
15:16:42.0134 4692  ============================================================
15:16:43.0170 4692  Drive \Device\Harddisk0\DR0 - Size: 0x7450000000 (465.25 Gb), SectorSize: 0x200, Cylinders: 0xED3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:43.0176 4692  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:43.0188 4692  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:43.0193 4692  Drive \Device\Harddisk3\DR3 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:16:43.0195 4692  ============================================================
15:16:43.0195 4692  \Device\Harddisk0\DR0:
15:16:43.0195 4692  MBR partitions:
15:16:43.0195 4692  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:16:43.0195 4692  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A24C800
15:16:43.0195 4692  \Device\Harddisk1\DR1:
15:16:43.0196 4692  MBR partitions:
15:16:43.0196 4692  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
15:16:43.0196 4692  \Device\Harddisk2\DR2:
15:16:43.0196 4692  MBR partitions:
15:16:43.0196 4692  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
15:16:43.0196 4692  \Device\Harddisk3\DR3:
15:16:43.0197 4692  MBR partitions:
15:16:43.0197 4692  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C9307
15:16:43.0197 4692  ============================================================
15:16:43.0234 4692  C: <-> \Device\Harddisk2\DR2\Partition1
15:16:43.0266 4692  D: <-> \Device\Harddisk0\DR0\Partition2
15:16:43.0284 4692  G: <-> \Device\Harddisk1\DR1\Partition1
15:16:43.0284 4692  ============================================================
15:16:43.0285 4692  Initialize success
15:16:43.0285 4692  ============================================================
15:17:23.0303 3480  ============================================================
15:17:23.0303 3480  Scan started
15:17:23.0303 3480  Mode: Manual; SigCheck; TDLFS; 
15:17:23.0303 3480  ============================================================
15:17:24.0089 3480  ================ Scan system memory ========================
15:17:24.0089 3480  System memory - ok
15:17:24.0089 3480  ================ Scan services =============================
15:17:24.0204 3480  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:17:24.0246 3480  1394ohci - ok
15:17:24.0285 3480  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
15:17:24.0308 3480  61883 - ok
15:17:24.0340 3480  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:17:24.0354 3480  ACPI - ok
15:17:24.0365 3480  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:17:24.0386 3480  AcpiPmi - ok
15:17:24.0489 3480  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:24.0499 3480  AdobeARMservice - ok
15:17:24.0977 3480  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:24.0987 3480  AdobeFlashPlayerUpdateSvc - ok
15:17:25.0032 3480  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:17:25.0051 3480  adp94xx - ok
15:17:25.0088 3480  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:17:25.0103 3480  adpahci - ok
15:17:25.0115 3480  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:17:25.0128 3480  adpu320 - ok
15:17:25.0149 3480  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:17:25.0188 3480  AeLookupSvc - ok
15:17:25.0242 3480  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
15:17:25.0264 3480  AFD - ok
15:17:25.0274 3480  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:17:25.0285 3480  agp440 - ok
15:17:25.0289 3480  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:17:25.0314 3480  ALG - ok
15:17:25.0335 3480  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:17:25.0345 3480  aliide - ok
15:17:25.0395 3480  [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:17:25.0408 3480  AMD External Events Utility - ok
15:17:25.0428 3480  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:17:25.0438 3480  amdide - ok
15:17:25.0456 3480  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:17:25.0476 3480  AmdK8 - ok
15:17:25.0594 3480  [ 1147F8816D4DDC9FC43A40DF52F40500 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
15:17:25.0691 3480  amdkmdag - ok
15:17:25.0725 3480  [ EBC963D8F5B04C98F5EF597AAE79CDDD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:17:25.0758 3480  amdkmdap - ok
15:17:25.0778 3480  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:17:25.0808 3480  AmdPPM - ok
15:17:25.0829 3480  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:17:25.0840 3480  amdsata - ok
15:17:25.0856 3480  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:17:25.0869 3480  amdsbs - ok
15:17:25.0884 3480  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:17:25.0893 3480  amdxata - ok
15:17:25.0983 3480  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:17:25.0993 3480  AntiVirSchedulerService - ok
15:17:26.0018 3480  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:17:26.0027 3480  AntiVirService - ok
15:17:26.0046 3480  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:17:26.0061 3480  AppID - ok
15:17:26.0079 3480  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:17:26.0124 3480  AppIDSvc - ok
15:17:26.0153 3480  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:17:26.0178 3480  Appinfo - ok
15:17:26.0205 3480  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:17:26.0218 3480  AppMgmt - ok
15:17:26.0243 3480  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:17:26.0254 3480  arc - ok
15:17:26.0270 3480  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:17:26.0281 3480  arcsas - ok
15:17:26.0371 3480  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:17:26.0379 3480  aspnet_state - ok
15:17:26.0403 3480  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:26.0431 3480  AsyncMac - ok
15:17:26.0454 3480  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:17:26.0463 3480  atapi - ok
15:17:26.0523 3480  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
15:17:26.0540 3480  AtiHdmiService - ok
15:17:26.0581 3480  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:17:26.0638 3480  AudioEndpointBuilder - ok
15:17:26.0645 3480  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:17:26.0679 3480  AudioSrv - ok
15:17:26.0719 3480  [ 332BBC97F90440E46DD621ADC2DC512A ] automap         C:\Windows\system32\DRIVERS\automap.sys
15:17:32.0059 3480  automap - ok
15:17:32.0089 3480  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
15:17:32.0119 3480  Avc - ok
15:17:32.0153 3480  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:17:32.0165 3480  avgntflt - ok
15:17:32.0201 3480  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:17:32.0211 3480  avipbb - ok
15:17:32.0251 3480  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:17:32.0260 3480  avkmgr - ok
15:17:32.0286 3480  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:17:32.0314 3480  AxInstSV - ok
15:17:32.0349 3480  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:17:32.0375 3480  b06bdrv - ok
15:17:32.0398 3480  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:17:32.0424 3480  b57nd60a - ok
15:17:32.0459 3480  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:17:32.0486 3480  BDESVC - ok
15:17:32.0497 3480  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:17:32.0542 3480  Beep - ok
15:17:32.0588 3480  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:17:32.0624 3480  BFE - ok
15:17:32.0653 3480  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
15:17:32.0689 3480  BITS - ok
15:17:32.0703 3480  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:17:32.0729 3480  blbdrive - ok
15:17:32.0795 3480  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:17:32.0804 3480  Bonjour Service - ok
15:17:32.0839 3480  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:17:32.0865 3480  bowser - ok
15:17:32.0880 3480  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:17:32.0893 3480  BrFiltLo - ok
15:17:32.0902 3480  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:17:32.0915 3480  BrFiltUp - ok
15:17:32.0951 3480  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:17:32.0980 3480  BridgeMP - ok
15:17:33.0026 3480  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
15:17:33.0039 3480  Browser - ok
15:17:33.0052 3480  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:17:33.0078 3480  Brserid - ok
15:17:33.0087 3480  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:17:33.0110 3480  BrSerWdm - ok
15:17:33.0122 3480  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:17:33.0146 3480  BrUsbMdm - ok
15:17:33.0167 3480  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:17:33.0187 3480  BrUsbSer - ok
15:17:33.0239 3480  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:17:33.0257 3480  BthEnum - ok
15:17:33.0273 3480  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:17:33.0299 3480  BTHMODEM - ok
15:17:33.0329 3480  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:17:33.0361 3480  BthPan - ok
15:17:33.0398 3480  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:17:33.0429 3480  BTHPORT - ok
15:17:33.0462 3480  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:17:33.0515 3480  bthserv - ok
15:17:33.0546 3480  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:17:33.0558 3480  BTHUSB - ok
15:17:33.0575 3480  catchme - ok
15:17:33.0599 3480  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:17:33.0638 3480  cdfs - ok
15:17:33.0688 3480  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:17:33.0715 3480  cdrom - ok
15:17:33.0742 3480  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:17:33.0843 3480  CertPropSvc - ok
15:17:33.0857 3480  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:17:33.0916 3480  circlass - ok
15:17:33.0949 3480  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:17:33.0963 3480  CLFS - ok
15:17:34.0021 3480  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:34.0031 3480  clr_optimization_v2.0.50727_32 - ok
15:17:34.0058 3480  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:34.0067 3480  clr_optimization_v2.0.50727_64 - ok
15:17:34.0130 3480  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:34.0140 3480  clr_optimization_v4.0.30319_32 - ok
15:17:34.0157 3480  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:17:34.0166 3480  clr_optimization_v4.0.30319_64 - ok
15:17:34.0181 3480  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:17:34.0205 3480  CmBatt - ok
15:17:34.0220 3480  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:17:34.0230 3480  cmdide - ok
15:17:34.0276 3480  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:17:34.0297 3480  CNG - ok
15:17:34.0327 3480  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:17:34.0337 3480  Compbatt - ok
15:17:34.0350 3480  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:17:34.0371 3480  CompositeBus - ok
15:17:34.0386 3480  COMSysApp - ok
15:17:34.0405 3480  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:17:34.0416 3480  crcdisk - ok
15:17:34.0460 3480  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:17:34.0472 3480  CryptSvc - ok
15:17:34.0525 3480  CrystalSysInfo - ok
15:17:34.0563 3480  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
15:17:34.0596 3480  CSC - ok
15:17:34.0618 3480  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
15:17:34.0657 3480  CscService - ok
15:17:34.0746 3480  [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc    G:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
15:17:34.0754 3480  DAUpdaterSvc - ok
15:17:34.0793 3480  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:17:34.0827 3480  DcomLaunch - ok
15:17:34.0855 3480  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:17:34.0927 3480  defragsvc - ok
15:17:35.0071 3480  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:17:35.0122 3480  DfsC - ok
15:17:35.0172 3480  [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:17:35.0182 3480  dg_ssudbus - ok
15:17:35.0226 3480  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:17:35.0258 3480  Dhcp - ok
15:17:35.0297 3480  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:17:35.0337 3480  discache - ok
15:17:35.0375 3480  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:17:35.0385 3480  Disk - ok
15:17:35.0418 3480  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:17:35.0441 3480  Dnscache - ok
15:17:35.0460 3480  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:17:35.0491 3480  dot3svc - ok
15:17:35.0505 3480  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:17:35.0543 3480  DPS - ok
15:17:35.0582 3480  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:17:35.0595 3480  drmkaud - ok
15:17:35.0631 3480  [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:17:35.0642 3480  dtsoftbus01 - ok
15:17:35.0688 3480  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:17:35.0708 3480  DXGKrnl - ok
15:17:35.0726 3480  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:17:35.0771 3480  EapHost - ok
15:17:35.0832 3480  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:17:35.0897 3480  ebdrv - ok
15:17:35.0937 3480  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
15:17:35.0949 3480  EFS - ok
15:17:35.0987 3480  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:17:36.0013 3480  ehRecvr - ok
15:17:36.0030 3480  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:17:36.0042 3480  ehSched - ok
15:17:36.0067 3480  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:17:36.0085 3480  elxstor - ok
15:17:36.0093 3480  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:17:36.0113 3480  ErrDev - ok
15:17:36.0130 3480  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:17:36.0161 3480  EventSystem - ok
15:17:36.0177 3480  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:17:36.0215 3480  exfat - ok
15:17:36.0227 3480  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:17:36.0271 3480  fastfat - ok
15:17:36.0318 3480  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:17:36.0351 3480  Fax - ok
15:17:36.0371 3480  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:17:36.0399 3480  fdc - ok
15:17:36.0415 3480  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:17:36.0454 3480  fdPHost - ok
15:17:36.0487 3480  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:17:36.0531 3480  FDResPub - ok
15:17:36.0553 3480  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:17:36.0563 3480  FileInfo - ok
15:17:36.0571 3480  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:17:36.0607 3480  Filetrace - ok
15:17:36.0702 3480  [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:17:36.0730 3480  FLEXnet Licensing Service 64 - ok
15:17:36.0747 3480  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:17:36.0773 3480  flpydisk - ok
15:17:36.0788 3480  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:17:36.0800 3480  FltMgr - ok
15:17:36.0856 3480  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
15:17:36.0896 3480  FontCache - ok
15:17:37.0023 3480  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:17:37.0031 3480  FontCache3.0.0.0 - ok
15:17:37.0062 3480  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:17:37.0073 3480  FsDepends - ok
15:17:37.0133 3480  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:17:37.0142 3480  Fs_Rec - ok
15:17:37.0157 3480  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:17:37.0172 3480  fvevol - ok
15:17:37.0193 3480  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:17:37.0203 3480  gagp30kx - ok
15:17:37.0234 3480  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:17:37.0267 3480  gpsvc - ok
15:17:37.0373 3480  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:37.0382 3480  gupdate - ok
15:17:37.0397 3480  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:37.0405 3480  gupdatem - ok
15:17:37.0439 3480  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:17:37.0470 3480  hcw85cir - ok
15:17:37.0511 3480  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:17:37.0539 3480  HdAudAddService - ok
15:17:37.0562 3480  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:17:37.0583 3480  HDAudBus - ok
15:17:37.0592 3480  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:17:37.0611 3480  HidBatt - ok
15:17:37.0630 3480  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:17:37.0644 3480  HidBth - ok
15:17:37.0659 3480  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:17:37.0678 3480  HidIr - ok
15:17:37.0698 3480  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:17:37.0745 3480  hidserv - ok
15:17:37.0772 3480  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:17:37.0797 3480  HidUsb - ok
15:17:37.0833 3480  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:17:37.0861 3480  hkmsvc - ok
15:17:37.0887 3480  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:17:37.0914 3480  HomeGroupListener - ok
15:17:37.0940 3480  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:17:37.0969 3480  HomeGroupProvider - ok
15:17:37.0981 3480  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:17:37.0992 3480  HpSAMD - ok
15:17:38.0010 3480  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:17:38.0061 3480  HTTP - ok
15:17:38.0071 3480  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:17:38.0081 3480  hwpolicy - ok
15:17:38.0092 3480  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:17:38.0105 3480  i8042prt - ok
15:17:38.0119 3480  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
15:17:38.0134 3480  iaStorV - ok
15:17:38.0219 3480  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:17:38.0239 3480  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:17:38.0239 3480  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:17:38.0289 3480  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:17:38.0310 3480  idsvc - ok
15:17:38.0328 3480  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:17:38.0338 3480  iirsp - ok
15:17:38.0377 3480  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:17:38.0428 3480  IKEEXT - ok
15:17:38.0471 3480  [ F37E4DC8EFC72AEE6CEFEE2DAD00ABD0 ] iLokDrvr        C:\Windows\system32\DRIVERS\iLokDrvr.sys
15:17:38.0480 3480  iLokDrvr - ok
15:17:38.0497 3480  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:17:38.0507 3480  intelide - ok
15:17:38.0530 3480  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:17:38.0556 3480  intelppm - ok
15:17:38.0573 3480  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:17:38.0613 3480  IPBusEnum - ok
15:17:38.0622 3480  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:38.0651 3480  IpFilterDriver - ok
15:17:38.0698 3480  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:17:38.0744 3480  iphlpsvc - ok
15:17:38.0758 3480  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:17:38.0782 3480  IPMIDRV - ok
15:17:38.0801 3480  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:17:38.0842 3480  IPNAT - ok
15:17:38.0859 3480  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:17:38.0874 3480  IRENUM - ok
15:17:38.0892 3480  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:17:38.0902 3480  isapnp - ok
15:17:38.0932 3480  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:17:38.0944 3480  iScsiPrt - ok
15:17:38.0955 3480  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:17:38.0965 3480  kbdclass - ok
15:17:38.0981 3480  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:17:39.0008 3480  kbdhid - ok
15:17:39.0024 3480  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
15:17:39.0035 3480  KeyIso - ok
15:17:39.0082 3480  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:17:39.0092 3480  KSecDD - ok
15:17:39.0104 3480  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:17:39.0115 3480  KSecPkg - ok
15:17:39.0132 3480  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:17:39.0169 3480  ksthunk - ok
15:17:39.0195 3480  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:17:39.0228 3480  KtmRm - ok
15:17:39.0251 3480  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:17:39.0286 3480  LanmanServer - ok
15:17:39.0308 3480  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:17:39.0351 3480  LanmanWorkstation - ok
15:17:39.0439 3480  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:17:39.0455 3480  LBTServ - ok
15:17:39.0500 3480  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:17:39.0510 3480  LHidFilt - ok
15:17:39.0560 3480  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:17:39.0589 3480  lltdio - ok
15:17:39.0637 3480  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:17:39.0692 3480  lltdsvc - ok
15:17:39.0738 3480  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:17:39.0766 3480  lmhosts - ok
15:17:39.0802 3480  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:17:39.0812 3480  LMouFilt - ok
15:17:39.0858 3480  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:17:39.0870 3480  LSI_FC - ok
15:17:39.0879 3480  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:17:39.0890 3480  LSI_SAS - ok
15:17:39.0900 3480  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:17:39.0910 3480  LSI_SAS2 - ok
15:17:39.0926 3480  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:17:39.0937 3480  LSI_SCSI - ok
15:17:39.0970 3480  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:17:40.0012 3480  luafv - ok
15:17:40.0052 3480  [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
15:17:40.0062 3480  LUsbFilt - ok
15:17:40.0099 3480  [ D46ADC4BA784EC4B1E8090DD339487AD ] MackieAudio     C:\Windows\system32\DRIVERS\MackieAudio64.sys
15:17:40.0114 3480  MackieAudio - ok
15:17:40.0158 3480  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:17:40.0169 3480  MBAMProtector - ok
15:17:40.0286 3480  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:17:40.0302 3480  MBAMScheduler - ok
15:17:40.0321 3480  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:17:40.0336 3480  MBAMService - ok
15:17:40.0368 3480  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:17:40.0398 3480  Mcx2Svc - ok
15:17:40.0416 3480  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:17:40.0426 3480  megasas - ok
15:17:40.0445 3480  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:17:40.0458 3480  MegaSR - ok
15:17:40.0489 3480  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:17:40.0535 3480  MMCSS - ok
15:17:40.0557 3480  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:17:40.0586 3480  Modem - ok
15:17:40.0625 3480  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:17:40.0649 3480  monitor - ok
15:17:40.0673 3480  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:17:40.0683 3480  mouclass - ok
15:17:40.0693 3480  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:17:40.0704 3480  mouhid - ok
15:17:40.0718 3480  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:17:40.0728 3480  mountmgr - ok
15:17:40.0764 3480  [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:17:40.0777 3480  MozillaMaintenance - ok
15:17:40.0793 3480  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:17:40.0807 3480  mpio - ok
15:17:40.0824 3480  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:17:40.0853 3480  mpsdrv - ok
15:17:40.0876 3480  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:17:40.0923 3480  MpsSvc - ok
15:17:40.0942 3480  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:17:40.0968 3480  MRxDAV - ok
15:17:40.0993 3480  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:41.0005 3480  mrxsmb - ok
15:17:41.0034 3480  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:41.0048 3480  mrxsmb10 - ok
15:17:41.0065 3480  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:41.0106 3480  mrxsmb20 - ok
15:17:41.0122 3480  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:17:41.0132 3480  msahci - ok
15:17:41.0146 3480  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:17:41.0158 3480  msdsm - ok
15:17:41.0169 3480  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:17:41.0198 3480  MSDTC - ok
15:17:41.0209 3480  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:17:41.0237 3480  Msfs - ok
15:17:41.0256 3480  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:17:41.0284 3480  mshidkmdf - ok
15:17:41.0298 3480  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:17:41.0307 3480  msisadrv - ok
15:17:41.0347 3480  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:17:41.0384 3480  MSiSCSI - ok
15:17:41.0387 3480  msiserver - ok
15:17:41.0409 3480  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:17:41.0447 3480  MSKSSRV - ok
15:17:41.0458 3480  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:41.0485 3480  MSPCLOCK - ok
15:17:41.0488 3480  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:17:41.0527 3480  MSPQM - ok
15:17:41.0558 3480  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:17:41.0573 3480  MsRPC - ok
15:17:41.0584 3480  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:17:41.0593 3480  mssmbios - ok
15:17:41.0605 3480  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:17:41.0646 3480  MSTEE - ok
15:17:41.0649 3480  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:17:41.0659 3480  MTConfig - ok
15:17:41.0677 3480  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:17:41.0687 3480  Mup - ok
15:17:41.0715 3480  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:17:41.0749 3480  napagent - ok
15:17:41.0771 3480  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:17:41.0802 3480  NativeWifiP - ok
15:17:41.0850 3480  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:17:41.0870 3480  NDIS - ok
15:17:41.0885 3480  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:17:41.0914 3480  NdisCap - ok
15:17:41.0927 3480  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:41.0955 3480  NdisTapi - ok
15:17:41.0972 3480  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:42.0000 3480  Ndisuio - ok
15:17:42.0014 3480  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:42.0043 3480  NdisWan - ok
15:17:42.0050 3480  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:17:42.0086 3480  NDProxy - ok
15:17:42.0099 3480  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:17:42.0140 3480  NetBIOS - ok
15:17:42.0155 3480  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:17:42.0197 3480  NetBT - ok
15:17:42.0209 3480  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
15:17:42.0220 3480  Netlogon - ok
15:17:42.0249 3480  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:17:42.0280 3480  Netman - ok
15:17:42.0305 3480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:42.0315 3480  NetMsmqActivator - ok
15:17:42.0318 3480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:42.0327 3480  NetPipeActivator - ok
15:17:42.0345 3480  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:17:42.0388 3480  netprofm - ok
15:17:42.0392 3480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:42.0400 3480  NetTcpActivator - ok
15:17:42.0403 3480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:42.0411 3480  NetTcpPortSharing - ok
15:17:42.0453 3480  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:17:42.0463 3480  nfrd960 - ok
15:17:42.0635 3480  [ 0BCB418C2906852C6F9347A258FD5711 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
15:17:42.0717 3480  NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
15:17:42.0717 3480  NIHardwareService - detected UnsignedFile.Multi.Generic (1)
15:17:42.0756 3480  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:17:42.0795 3480  NlaSvc - ok
15:17:42.0813 3480  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:17:42.0841 3480  Npfs - ok
15:17:42.0858 3480  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:17:42.0907 3480  nsi - ok
15:17:42.0928 3480  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:17:42.0963 3480  nsiproxy - ok
15:17:43.0003 3480  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:17:43.0032 3480  Ntfs - ok
15:17:43.0039 3480  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:17:43.0067 3480  Null - ok
15:17:43.0101 3480  [ 7AEAB7A9C665E97F8CF2CC87D9CCEEBB ] NvnUsbAudio     C:\Windows\system32\DRIVERS\nvnusbaudio.sys
15:17:43.0112 3480  NvnUsbAudio - ok
15:17:43.0133 3480  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:17:43.0145 3480  nvraid - ok
15:17:43.0160 3480  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:17:43.0172 3480  nvstor - ok
15:17:43.0196 3480  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:17:43.0207 3480  nv_agp - ok
15:17:43.0218 3480  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:17:43.0241 3480  ohci1394 - ok
15:17:43.0260 3480  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:17:43.0289 3480  p2pimsvc - ok
15:17:43.0308 3480  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:17:43.0323 3480  p2psvc - ok
15:17:43.0417 3480  [ 3269F55D511F45DD909D4CB13A7CD083 ] PaceLicenseDServices C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
15:17:43.0465 3480  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - warning
15:17:43.0466 3480  PaceLicenseDServices - detected UnsignedFile.Multi.Generic (1)
15:17:43.0504 3480  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:17:43.0517 3480  Parport - ok
15:17:43.0556 3480  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:17:43.0566 3480  partmgr - ok
15:17:43.0583 3480  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:17:43.0605 3480  PcaSvc - ok
15:17:43.0648 3480  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:17:43.0674 3480  pccsmcfd - ok
15:17:43.0699 3480  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:17:43.0710 3480  pci - ok
15:17:43.0725 3480  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:17:43.0734 3480  pciide - ok
15:17:43.0747 3480  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:17:43.0760 3480  pcmcia - ok
15:17:43.0777 3480  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:17:43.0787 3480  pcw - ok
15:17:43.0805 3480  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:17:43.0848 3480  PEAUTH - ok
15:17:43.0910 3480  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:17:43.0945 3480  PeerDistSvc - ok
15:17:44.0017 3480  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:17:44.0038 3480  PerfHost - ok
15:17:44.0091 3480  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:17:44.0178 3480  pla - ok
15:17:44.0227 3480  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:17:44.0258 3480  PlugPlay - ok
15:17:44.0286 3480  PnkBstrA - ok
15:17:44.0303 3480  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:17:44.0314 3480  PNRPAutoReg - ok
15:17:44.0332 3480  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:17:44.0345 3480  PNRPsvc - ok
15:17:44.0374 3480  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:17:44.0413 3480  PolicyAgent - ok
15:17:44.0442 3480  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:17:44.0472 3480  Power - ok
15:17:44.0508 3480  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:17:44.0547 3480  PptpMiniport - ok
15:17:44.0559 3480  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:17:44.0571 3480  Processor - ok
15:17:44.0584 3480  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:17:44.0631 3480  ProfSvc - ok
15:17:44.0642 3480  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:17:44.0652 3480  ProtectedStorage - ok
15:17:44.0678 3480  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:17:44.0722 3480  Psched - ok
15:17:44.0775 3480  [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:17:44.0784 3480  PxHlpa64 - ok
15:17:44.0829 3480  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:17:44.0862 3480  ql2300 - ok
15:17:44.0880 3480  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:17:44.0891 3480  ql40xx - ok
15:17:44.0907 3480  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:17:44.0924 3480  QWAVE - ok
15:17:44.0936 3480  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:17:44.0964 3480  QWAVEdrv - ok
15:17:44.0979 3480  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:17:45.0008 3480  RasAcd - ok
15:17:45.0043 3480  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:17:45.0072 3480  RasAgileVpn - ok
15:17:45.0088 3480  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:17:45.0118 3480  RasAuto - ok
15:17:45.0127 3480  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:45.0169 3480  Rasl2tp - ok
15:17:45.0196 3480  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:17:45.0242 3480  RasMan - ok
15:17:45.0258 3480  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:45.0299 3480  RasPppoe - ok
15:17:45.0319 3480  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:17:45.0347 3480  RasSstp - ok
15:17:45.0369 3480  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:17:45.0408 3480  rdbss - ok
15:17:45.0429 3480  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:17:45.0463 3480  rdpbus - ok
15:17:45.0509 3480  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:45.0537 3480  RDPCDD - ok
15:17:45.0566 3480  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:17:45.0596 3480  RDPDR - ok
15:17:45.0746 3480  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:17:45.0773 3480  RDPENCDD - ok
15:17:45.0778 3480  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:17:45.0804 3480  RDPREFMP - ok
15:17:45.0829 3480  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:17:45.0850 3480  RDPWD - ok
15:17:45.0868 3480  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:17:45.0880 3480  rdyboost - ok
15:17:45.0896 3480  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:17:45.0932 3480  RemoteAccess - ok
15:17:45.0956 3480  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:17:45.0985 3480  RemoteRegistry - ok
15:17:46.0034 3480  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:17:46.0061 3480  RFCOMM - ok
15:17:46.0077 3480  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:17:46.0106 3480  RpcEptMapper - ok
15:17:46.0114 3480  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:17:46.0125 3480  RpcLocator - ok
15:17:46.0141 3480  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:17:46.0174 3480  RpcSs - ok
15:17:46.0206 3480  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:17:46.0260 3480  rspndr - ok
15:17:46.0339 3480  [ 651F33C42D88EC9B577EA5E9AC4B6970 ] rtpMIDIService  C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
15:17:46.0353 3480  rtpMIDIService ( UnsignedFile.Multi.Generic ) - warning
15:17:46.0353 3480  rtpMIDIService - detected UnsignedFile.Multi.Generic (1)
15:17:46.0368 3480  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
15:17:46.0388 3480  s3cap - ok
15:17:46.0418 3480  [ 248ABD858FF7DCC966E5A54529DDD225 ] SaiH040B        C:\Windows\system32\DRIVERS\SaiH040B.sys
15:17:46.0429 3480  SaiH040B - ok
15:17:46.0458 3480  [ 9E7E53891D1747A01F491AB25B95135D ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
15:17:46.0467 3480  SaiMini - ok
15:17:46.0473 3480  [ B3B86BE19A0CAF025F679C39FD21E735 ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
15:17:46.0482 3480  SaiNtBus - ok
15:17:46.0497 3480  [ 547B16D072A3AFCE5807BE20C3F4734B ] SaiU040B        C:\Windows\system32\DRIVERS\SaiU040B.sys
15:17:46.0506 3480  SaiU040B - ok
15:17:46.0522 3480  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
15:17:46.0532 3480  SamSs - ok
15:17:46.0549 3480  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:17:46.0560 3480  sbp2port - ok
15:17:46.0570 3480  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:17:46.0617 3480  SCardSvr - ok
15:17:46.0632 3480  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:17:46.0671 3480  scfilter - ok
15:17:46.0720 3480  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
15:17:46.0740 3480  Schedule - ok
15:17:46.0759 3480  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:17:46.0787 3480  SCPolicySvc - ok
15:17:46.0797 3480  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:17:46.0822 3480  SDRSVC - ok
15:17:46.0836 3480  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:17:46.0868 3480  secdrv - ok
15:17:46.0905 3480  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:17:46.0948 3480  seclogon - ok
15:17:46.0993 3480  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:17:47.0042 3480  SENS - ok
15:17:47.0058 3480  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:17:47.0086 3480  SensrSvc - ok
15:17:47.0108 3480  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:17:47.0118 3480  Serenum - ok
15:17:47.0151 3480  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:17:47.0185 3480  Serial - ok
15:17:47.0226 3480  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:17:47.0237 3480  sermouse - ok
15:17:47.0288 3480  [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:17:47.0304 3480  ServiceLayer - ok
15:17:47.0326 3480  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:17:47.0355 3480  SessionEnv - ok
15:17:47.0364 3480  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:17:47.0388 3480  sffdisk - ok
15:17:47.0399 3480  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:17:47.0412 3480  sffp_mmc - ok
15:17:47.0415 3480  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:17:47.0427 3480  sffp_sd - ok
15:17:47.0438 3480  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:17:47.0467 3480  sfloppy - ok
15:17:47.0502 3480  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:17:47.0551 3480  SharedAccess - ok
15:17:47.0569 3480  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:17:47.0586 3480  ShellHWDetection - ok
15:17:47.0595 3480  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:17:47.0606 3480  SiSRaid2 - ok
15:17:47.0615 3480  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:17:47.0626 3480  SiSRaid4 - ok
15:17:47.0675 3480  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:17:47.0684 3480  SkypeUpdate - ok
15:17:47.0708 3480  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:17:47.0738 3480  Smb - ok
15:17:47.0766 3480  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:17:47.0778 3480  SNMPTRAP - ok
15:17:47.0786 3480  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:17:47.0796 3480  spldr - ok
15:17:47.0825 3480  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
15:17:47.0840 3480  Spooler - ok
15:17:47.0895 3480  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:17:47.0947 3480  sppsvc - ok
15:17:47.0958 3480  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:17:48.0001 3480  sppuinotify - ok
15:17:48.0044 3480  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:17:48.0072 3480  srv - ok
15:17:48.0089 3480  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:17:48.0102 3480  srv2 - ok
15:17:48.0120 3480  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:17:48.0144 3480  srvnet - ok
15:17:48.0192 3480  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
15:17:48.0203 3480  sscdbus - ok
15:17:48.0238 3480  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:17:48.0247 3480  sscdmdfl - ok
15:17:48.0287 3480  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
15:17:48.0298 3480  sscdmdm - ok
15:17:48.0334 3480  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:17:48.0364 3480  SSDPSRV - ok
15:17:48.0382 3480  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:17:48.0421 3480  SstpSvc - ok
15:17:48.0433 3480  [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:17:48.0445 3480  ssudmdm - ok
15:17:48.0486 3480  Steam Client Service - ok
15:17:48.0512 3480  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:17:48.0522 3480  stexstor - ok
15:17:48.0557 3480  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:17:48.0578 3480  stisvc - ok
15:17:48.0616 3480  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
15:17:48.0626 3480  storflt - ok
15:17:48.0648 3480  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:17:48.0673 3480  StorSvc - ok
15:17:48.0687 3480  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
15:17:48.0698 3480  storvsc - ok
15:17:48.0706 3480  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:17:48.0715 3480  swenum - ok
15:17:48.0787 3480  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:17:48.0800 3480  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:17:48.0800 3480  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:17:48.0813 3480  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:17:48.0858 3480  swprv - ok
15:17:48.0879 3480  [ BCB6AA197267D3506BE2535342FC40E0 ] SynUSB64        C:\Windows\system32\DRIVERS\SynUSB64.sys
15:17:48.0887 3480  SynUSB64 - ok
15:17:48.0929 3480  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:17:48.0968 3480  SysMain - ok
15:17:48.0985 3480  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:17:49.0000 3480  TabletInputService - ok
15:17:49.0018 3480  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:17:49.0049 3480  TapiSrv - ok
15:17:49.0065 3480  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:17:49.0105 3480  TBS - ok
15:17:49.0163 3480  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:17:53.0419 3480  ================ Scan global ===============================
15:17:53.0444 3480  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:17:53.0478 3480  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
15:17:53.0483 3480  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
15:17:53.0503 3480  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:17:53.0523 3480  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:17:53.0526 3480  [Global] - ok
15:17:53.0526 3480  ================ Scan MBR ==================================
15:17:53.0543 3480  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:17:53.0731 3480  \Device\Harddisk0\DR0 - ok
15:17:53.0741 3480  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:17:53.0807 3480  \Device\Harddisk1\DR1 - ok
15:17:53.0817 3480  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
15:17:53.0881 3480  \Device\Harddisk2\DR2 - ok
15:17:53.0887 3480  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
15:17:54.0087 3480  \Device\Harddisk3\DR3 - ok
15:17:54.0087 3480  ================ Scan VBR ==================================
15:17:54.0089 3480  [ 0CCF01C94BCC7076C219F91EE7DFC8D7 ] \Device\Harddisk0\DR0\Partition1
15:17:54.0091 3480  \Device\Harddisk0\DR0\Partition1 - ok
15:17:54.0093 3480  [ 91F7E78F022132DAA62891BAFFC5B3CA ] \Device\Harddisk0\DR0\Partition2
15:17:54.0094 3480  \Device\Harddisk0\DR0\Partition2 - ok
15:17:54.0119 3480  [ B0679DE60C3E21E3905B472B68259467 ] \Device\Harddisk1\DR1\Partition1
15:17:54.0121 3480  \Device\Harddisk1\DR1\Partition1 - ok
15:17:54.0145 3480  [ E08D9D4DDF242874A0556A0C21C9DF47 ] \Device\Harddisk2\DR2\Partition1
15:17:54.0147 3480  \Device\Harddisk2\DR2\Partition1 - ok
15:17:54.0150 3480  [ 810DD51FD4261A23AD0A9295E9B98D17 ] \Device\Harddisk3\DR3\Partition1
15:17:54.0152 3480  \Device\Harddisk3\DR3\Partition1 - ok
15:17:54.0152 3480  ============================================================
15:17:54.0153 3480  Scan finished
15:17:54.0153 3480  ============================================================
15:17:54.0161 1856  Detected object count: 5
15:17:54.0161 1856  Actual detected object count: 5
15:18:28.0147 1856  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:28.0147 1856  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:28.0147 1856  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:28.0147 1856  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:28.0148 1856  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:28.0148 1856  PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:28.0149 1856  rtpMIDIService ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:28.0149 1856  rtpMIDIService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:28.0150 1856  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:28.0150 1856  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Thanks and best regards,
Limatu

26.10.2012, 14:36   #11
cosinus

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply. Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

26.10.2012, 21:09   #12
Limatu

So, here is the next aswMBR log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 21:22:14
-----------------------------
21:22:14.498    OS Version: Windows x64 6.1.7600 
21:22:14.498    Number of processors: 8 586 0x2C02
21:22:14.499    ComputerName: LIMATUII  UserName: andi
21:22:17.415    Initialize success
21:27:14.906    AVAST engine defs: 12102601
21:30:27.264    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000067
21:30:27.267    Disk 0 Vendor: Dell____ 1028 Size: 476416MB BusType: 10
21:30:27.269    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000068
21:30:27.271    Disk 1 Vendor: ATA_____ 3B01 Size: 476940MB BusType: 10
21:30:27.273    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\00000069
21:30:27.275    Disk 2 Vendor: ATA_____ 1118 Size: 476940MB BusType: 10
21:30:27.285    Disk 2 MBR read successfully
21:30:27.289    Disk 2 MBR scan
21:30:27.294    Disk 2 Windows 7 default MBR code
21:30:27.304    Disk 2 Partition 1 00     07    HPFS/NTFS NTFS       476938 MB offset 2048
21:30:27.328    Disk 2 scanning C:\Windows\system32\drivers
21:30:35.257    Service scanning
21:30:51.618    Modules scanning
21:30:51.956    Disk 2 trace - called modules:
21:30:51.970    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll lsi_sas.sys 
21:30:51.976    1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800aa85060]
21:30:51.980    3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80098fc9d0]
21:30:54.348    AVAST engine scan C:\Windows
21:30:57.235    AVAST engine scan C:\Windows\system32
21:33:33.277    AVAST engine scan C:\Windows\system32\drivers
21:33:43.640    AVAST engine scan C:\Users\andi
21:50:56.680    AVAST engine scan C:\ProgramData
21:54:11.620    Scan finished successfully
22:01:56.892    Disk 2 MBR has been saved successfully to "C:\MBR.dat"
22:01:56.897    The log file has been saved successfully to "C:\aswMBR.txt"
         
I'm curious to see how it goes on.
Thanks and best regards,
Limatu

27.10.2012, 14:25   #13
cosinus

This looks good too; one check, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

27.10.2012, 18:57   #14
Limatu

Hello Cosinus,
here are the control logs:

Code:
ATTFilter
OTL logfile created on: 27.10.2012 16:56:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,63 Gb Available Physical Memory | 80,27% Memory free
23,99 Gb Paging File | 20,45 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 314,38 Gb Free Space | 67,50% Space Free | Partition Type: NTFS
Drive D: | 465,15 Gb Total Space | 57,34 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 465,76 Gb Total Space | 206,15 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive K: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT
 
Computer Name: LIMATUII | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\andi\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Users\andi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dexpot\dexpot.exe (Dexpot GbR)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (PACE Anti-Piracy, Inc.)
PRC - C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
PRC - G:\Programme\todolist\ToDoList.exe (AbstractSpoon Software)
PRC - C:\Users\andi\Local Settings\Apps\F.lux\flux.exe ()
PRC - G:\Programme\Caps Lock Changer\caps_lock_changer.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2be5c267837bce48c2588db1cb45a218\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2dc4170e59c6defec194ce1d3b7e9b6e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\31649acbb300c306f8359f26e94572a9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\874de73de0aefaefe4d1226396d1b0c3\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3d0c73f63305fa092666e6488634d025\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a277b0dd5279e1f76d31604b4eeb31f\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7f9313247dd8235f6d4b63672b9ae3ad\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\adf79290d55b53d72aaedf49dc0ab05c\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\124775115f8585454f2f7470b74a7d8d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0ad566912479454ed9ce37fb09de2715\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6e70ff4b74bed30aa8751253ed8aee56\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5339ecdda252537e37def11dc77c77aa\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - G:\Programme\todolist\RTFContentCtrl.dll ()
MOD - G:\Programme\todolist\OutlookImpExp.dll ()
MOD - G:\Programme\todolist\FMindImportExport.dll ()
MOD - G:\Programme\todolist\MLOImport.dll ()
MOD - G:\Programme\todolist\PlainTextImport.dll ()
MOD - G:\Programme\todolist\iCalImportExport.dll ()
MOD - G:\Programme\todolist\GPExport.dll ()
MOD - C:\Users\andi\Local Settings\Apps\F.lux\flux.exe ()
MOD - G:\Programme\Caps Lock Changer\caps_lock_changer.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (PaceLicenseDServices) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (PACE Anti-Piracy, Inc.)
SRV - (rtpMIDIService) -- C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe (Tobias Erichsen)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- G:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NvnUsbAudio) -- C:\Windows\SysNative\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (automap) -- C:\Windows\SysNative\drivers\automap.sys (Focusrite Audio Engineering Limited)
DRV:64bit: - (iLokDrvr) -- C:\Windows\SysNative\drivers\iLokDrvr.sys ()
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (teVirtualMIDI64) -- C:\Windows\SysNative\drivers\teVirtualMIDI64.sys (Tobias Erichsen)
DRV:64bit: - (TTMIDICHIP) -- C:\Windows\SysNative\drivers\ttatmidi.sys (Ploytec GmbH)
DRV:64bit: - (MackieAudio) -- C:\Windows\SysNative\drivers\MackieAudio64.sys (LOUD Technologies, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (YMIDUSBW) -- C:\Windows\SysNative\drivers\ymidusbx64.sys (Yamaha Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (SynUSB64) -- C:\Windows\SysNative\drivers\synusb64.sys (Steinberg Media Technologies GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiH040B) -- C:\Windows\SysNative\drivers\SaiH040B.sys (Saitek)
DRV:64bit: - (SaiU040B) -- C:\Windows\SysNative\drivers\SaiU040B.sys (Saitek)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F DA 69 19 26 B1 CD 01  [binary data]
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\andi\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\andi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Browser\Mozilla Firefox\components [2012.04.06 11:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Browser\Mozilla Firefox\plugins [2012.09.04 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.25 13:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.09.04 15:58:29 | 000,000,000 | ---D | M]
 
[2010.10.02 16:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions
[2010.10.02 16:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.13 16:24:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\gmiqs0b3.default\extensions
[2011.06.15 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\s9f4tyf2.default\extensions
[2010.10.01 22:37:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\s9f4tyf2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.09.17 08:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions
[2012.04.24 22:40:36 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
[2010.10.03 14:34:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.03 21:32:08 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.03.03 21:32:07 | 000,000,000 | ---D | M] ("2 Pane Bookmarks") -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\{FD61379B-066A-4afc-89DE-89FB24D907C2}
[2011.03.03 21:32:10 | 000,000,000 | ---D | M] (VideoTap) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\flvripper@harsha
[2012.03.27 20:07:00 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\inspector@mozilla.org
[2012.09.17 08:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\Firefox\Profiles\zcddboys.default\extensions\staged
[2011.11.07 17:09:26 | 000,010,102 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\amazononclick@martin.schreiber.xpi
[2012.02.23 14:11:32 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\contextMenuExtension@leo.org.xpi
[2012.08.06 20:36:29 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\firebug@software.joehewitt.com.xpi
[2012.08.06 20:36:29 | 000,159,870 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\status4evar@caligonstudios.com.xpi
[2011.12.20 18:02:43 | 000,275,540 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.17 08:58:37 | 000,527,915 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.02.23 14:11:33 | 000,279,187 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.01.06 21:24:08 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.30 22:04:39 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.17 08:58:36 | 000,163,080 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\status4evar@caligonstudios.com.xpi
[2012.09.17 08:58:37 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.09.17 08:58:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.09.17 08:58:36 | 000,314,397 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.09.17 08:58:38 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\andi\AppData\Roaming\mozilla\firefox\profiles\zcddboys.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- H:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\andi\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\andi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Browser\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: PACE Client Helper Plugin (Enabled) = C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\andi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\andi\AppData\LocalLow\raidcall\plugins\webplugin_en.dll
CHR - Extension: Session Manager = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: AdBlock = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: Speed Dial 2 = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.2_0\
CHR - Extension: Smooth Gestures = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.13_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
 
O1 HOSTS File: ([2012.10.25 17:27:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001..\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe (Dexpot GbR)
O4 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001..\Run: [F.lux] C:\Users\andi\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\caps_lock_changer.exe - Verknüpfung.lnk = G:\Programme\Caps Lock Changer\caps_lock_changer.exe ()
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ToDoList - Verknüpfung.lnk = G:\Programme\todolist\ToDoList.exe (AbstractSpoon Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08095A4E-E811-4B2C-95D7-9053458CD942}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4408DCA-FD57-4760-A957-85F237B7F84B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3536413052-1497961762-845648814-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.26 21:21:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\andi\Desktop\aswMBR.exe
[2012.10.26 15:15:00 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\andi\Desktop\tdsskiller.exe
[2012.10.26 00:50:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.26 00:47:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.25 17:10:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.25 17:10:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.25 17:10:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.25 17:10:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 17:10:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.25 16:12:27 | 004,988,915 | R--- | C] (Swearware) -- C:\Users\andi\Desktop\ComboFix.exe
[2012.10.23 17:25:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\andi\Desktop\OTL.exe
[2012.10.23 17:08:04 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Malwarebytes
[2012.10.23 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.23 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.23 17:07:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.23 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.19 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\AudioMulch
[2012.10.13 11:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.13 11:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.10 09:27:07 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 09:27:07 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 09:27:07 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 09:27:00 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 09:26:13 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 09:26:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YAMB
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMB
[2012.10.09 00:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMB
[2012.10.02 11:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Automatic Duck
[2012.10.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Users\andi\Documents\Adobe Scripts
[2012.09.27 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.27 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.09.27 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.27 16:38:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.27 16:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.27 16:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001UA.job
[2012.10.27 11:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.26 22:01:56 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012.10.26 21:21:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\andi\Desktop\aswMBR.exe
[2012.10.26 20:38:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.26 20:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3536413052-1497961762-845648814-1001Core.job
[2012.10.26 15:15:01 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\andi\Desktop\tdsskiller.exe
[2012.10.26 12:15:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.26 12:15:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.25 17:29:32 | 1071,837,182 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.25 17:27:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.25 16:12:27 | 004,988,915 | R--- | M] (Swearware) -- C:\Users\andi\Desktop\ComboFix.exe
[2012.10.25 15:37:41 | 001,644,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.25 15:37:41 | 000,707,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.25 15:37:41 | 000,661,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.25 15:37:41 | 000,153,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.25 15:37:41 | 000,125,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.23 20:31:51 | 000,042,789 | ---- | M] () -- C:\Users\andi\Desktop\Logfiles_Limatu.zip
[2012.10.23 19:46:14 | 000,001,891 | ---- | M] () -- C:\Users\andi\Desktop\Logs - Verknüpfung.lnk
[2012.10.23 19:44:57 | 000,000,168 | ---- | M] () -- C:\Users\andi\defogger_reenable
[2012.10.23 17:24:45 | 000,001,056 | ---- | M] () -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.23 17:19:22 | 000,050,477 | ---- | M] () -- C:\Users\andi\Desktop\Defogger.exe
[2012.10.23 17:18:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\andi\Desktop\OTL.exe
[2012.10.23 17:07:53 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 19:24:22 | 000,002,486 | ---- | M] () -- C:\Users\andi\Desktop\Google Chrome.lnk
[2012.10.10 18:44:13 | 000,001,295 | ---- | M] () -- C:\Users\andi\Desktop\content - Verknüpfung.lnk
[2012.10.10 09:16:51 | 005,080,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.09 16:30:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 16:30:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 00:51:56 | 000,000,957 | ---- | M] () -- C:\Users\andi\Desktop\Yamb.lnk
[2012.10.09 00:15:03 | 000,300,428 | ---- | M] () -- C:\Users\andi\Desktop\2120254 Simone Maurer-Koch.pdf
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.26 22:01:56 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012.10.25 17:10:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.25 17:10:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.25 17:10:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.25 17:10:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.25 17:10:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.23 20:31:51 | 000,042,789 | ---- | C] () -- C:\Users\andi\Desktop\Logfiles_Limatu.zip
[2012.10.23 19:46:14 | 000,001,891 | ---- | C] () -- C:\Users\andi\Desktop\Logs - Verknüpfung.lnk
[2012.10.23 19:44:57 | 000,000,168 | ---- | C] () -- C:\Users\andi\defogger_reenable
[2012.10.23 17:25:14 | 000,050,477 | ---- | C] () -- C:\Users\andi\Desktop\Defogger.exe
[2012.10.23 17:24:45 | 000,001,056 | ---- | C] () -- C:\Users\andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.10.23 17:07:53 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 18:44:13 | 000,001,295 | ---- | C] () -- C:\Users\andi\Desktop\content - Verknüpfung.lnk
[2012.10.09 00:51:56 | 000,000,957 | ---- | C] () -- C:\Users\andi\Desktop\Yamb.lnk
[2012.10.09 00:15:01 | 000,300,428 | ---- | C] () -- C:\Users\andi\Desktop\2120254 Simone Maurer-Koch.pdf
[2012.07.23 13:41:45 | 000,000,081 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MPluginConfiguration.xml
[2012.07.07 14:07:23 | 000,001,734 | ---- | C] () -- C:\Users\andi\.recently-used.xbel
[2012.07.04 09:59:42 | 000,041,993 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MBandPasspresets.xml
[2012.07.04 09:59:42 | 000,013,158 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MOscillatorpresets.xml
[2012.07.04 09:59:42 | 000,006,687 | ---- | C] () -- C:\Users\andi\AppData\Roaming\menvelopepresets.xml
[2012.07.04 09:59:42 | 000,005,622 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MNoiseGeneratorpresets.xml
[2012.07.04 09:59:42 | 000,004,624 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MGranularPitchSequencespresets.xml
[2012.07.04 09:59:42 | 000,002,820 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2012.07.04 09:59:42 | 000,002,492 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2012.07.04 09:59:42 | 000,001,235 | ---- | C] () -- C:\Users\andi\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2012.07.04 09:59:42 | 000,001,011 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MValueToColor5presets.xml
[2012.07.04 09:59:42 | 000,000,894 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MGranularTransformationspresets.xml
[2012.05.27 13:02:25 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.05.02 13:34:28 | 000,000,051 | ---- | C] () -- C:\Users\andi\.gtkrc-2.0
[2012.04.26 14:45:53 | 000,001,473 | ---- | C] () -- C:\Users\andi\AppData\Local\RecConfig.xml
[2012.03.27 16:44:48 | 000,000,088 | ---- | C] () -- C:\Users\andi\AppData\Roaming\SplineEQ Preferences.dat
[2012.03.06 17:56:42 | 000,001,824 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.01.16 17:49:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.01.16 17:49:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.08 21:08:35 | 000,000,288 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.backup.dm
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.22 11:50:14 | 000,000,507 | ---- | C] () -- C:\Users\andi\Galician
[2011.10.28 01:17:00 | 000,000,001 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_files_preview
[2011.10.28 01:16:55 | 000,000,111 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_opensample
[2011.10.28 01:09:19 | 000,000,087 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_song_s
[2011.10.28 00:38:04 | 000,000,005 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_pateditor
[2011.10.28 00:38:01 | 000,000,001 | ---- | C] () -- C:\Users\andi\AppData\Roaming\.sunvox_colortheme
[2011.08.09 15:26:04 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011.08.02 19:14:16 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.02 19:14:12 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.08.02 19:14:12 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.10 12:22:35 | 000,038,922 | ---- | C] () -- C:\Windows\4ORM-DEMO-DX.ini
[2011.03.24 03:07:35 | 017,244,204 | ---- | C] () -- C:\Users\andi\ts3_recording_11_03_24_2_7_33.wav
[2011.03.22 13:38:59 | 000,000,001 | -H-- | C] () -- C:\Windows\mulch200.ini
[2011.02.18 22:44:01 | 000,005,138 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MWaveShaperpresets.xml
[2011.02.18 22:44:01 | 000,003,771 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MRingModulatorpresets.xml
[2011.02.18 22:44:01 | 000,002,775 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MStereoExpanderpresets.xml
[2011.02.18 22:44:01 | 000,002,666 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MVibratopresets.xml
[2011.02.18 22:44:01 | 000,002,366 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MTremolopresets.xml
[2011.02.18 22:44:00 | 000,191,692 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MAnalyzerpresets.xml
[2011.02.18 22:44:00 | 000,013,964 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MFlangerpresets.xml
[2011.02.18 22:44:00 | 000,009,119 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MFreqShifterpresets.xml
[2011.02.18 22:44:00 | 000,007,130 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MEqualizerpresets.xml
[2011.02.18 22:44:00 | 000,006,444 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MCompressorpresets.xml
[2011.02.18 22:44:00 | 000,004,362 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MPhaserpresets.xml
[2011.02.18 22:44:00 | 000,001,907 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MAutopanpresets.xml
[2011.02.18 22:44:00 | 000,001,381 | ---- | C] () -- C:\Users\andi\AppData\Roaming\MLimiterpresets.xml
[2011.01.17 23:22:44 | 000,003,584 | ---- | C] () -- C:\Users\andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 00:13:16 | 000,749,226 | ---- | C] () -- C:\Users\andi\Modes-Seite1.bmp
[2010.12.02 00:12:51 | 000,186,750 | ---- | C] () -- C:\Users\andi\Modes.sla
[2010.11.05 16:39:31 | 000,610,677 | ---- | C] () -- C:\Users\andi\.fonts.cache-1
[2010.10.19 16:20:49 | 000,008,956 | ---- | C] () -- C:\Users\andi\AppData\Local\Temp19.html
[2010.10.19 16:20:33 | 000,000,778 | ---- | C] () -- C:\Users\andi\AppData\Local\Temp1.html
[2010.10.02 02:20:32 | 000,000,092 | ---- | C] () -- C:\Users\andi\AppData\Local\fusioncache.dat
[2010.10.01 23:11:49 | 000,000,114 | ---- | C] () -- C:\ProgramData\.vslscantool_path
[2010.10.01 23:11:49 | 000,000,098 | ---- | C] () -- C:\ProgramData\.vsldaemon_path
 
========== ZeroAccess Check ==========
 
[2012.08.10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Users\andi\AppData\Roaming\Thunderbird\Profiles\e2rct1wy.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 1154 bytes -> C:\Users\andi\AppData\Local\A4YmXxh1nzQyCd:zO7x4VRAs5GTAlZERLdwY5nuk9OB
@Alternate Data Stream - 1145 bytes -> C:\ProgramData\Microsoft:5iWe1g3eByWUyKx9Swzvet
@Alternate Data Stream - 1141 bytes -> C:\Users\andi\AppData\Local\eDicRLhE1fGoJ:QmgfuY1ac9elqsEpw7CztYlil
@Alternate Data Stream - 1126 bytes -> C:\ProgramData\Microsoft:Puq5k0OFSXn8m5DJp1By1qH9
@Alternate Data Stream - 1081 bytes -> C:\Users\andi\AppData\Local\Temp:Yb5KS5M18fEVrqnpPcrYslq
@Alternate Data Stream - 1080 bytes -> C:\Users\andi\AppData\Local\Temp:D342CMV7XQsIsFO3nh3ealz0
@Alternate Data Stream - 1069 bytes -> C:\ProgramData\Microsoft:5fYWLFCYUplmxKNCy
@Alternate Data Stream - 1068 bytes -> C:\Users\andi\AppData\Local\Temp:rSLJYqbiC2ewwtbn4v21wdizW3
@Alternate Data Stream - 1019 bytes -> C:\ProgramData\Microsoft:QII3WIYAXZlFukjgoqNQu5RnI

< End of report >
         

27.10.2012, 18:58   #15
Limatu
 



And here is the Extras log file:
Code:
OTL Extras logfile created on: 27.10.2012 16:56:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\andi\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,63 Gb Available Physical Memory | 80,27% Memory free
23,99 Gb Paging File | 20,45 Gb Available in Paging File | 85,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 314,38 Gb Free Space | 67,50% Space Free | Partition Type: NTFS
Drive D: | 465,15 Gb Total Space | 57,34 Gb Free Space | 12,33% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 465,76 Gb Total Space | 206,15 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive K: | 1,89 Gb Total Space | 1,89 Gb Free Space | 99,99% Space Free | Partition Type: FAT
 
Computer Name: LIMATUII | User Name: andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3536413052-1497961762-845648814-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00519D1F-3E94-4A68-8F71-096AA17F0095}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{115633FC-9A8B-4C40-B23E-3EB5AA641D71}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{16533A39-43B6-4F96-821E-C2ECABB90B00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18F48CEF-9C18-4E09-9BF4-0D1D3DB02913}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C4A186F-46BF-480B-8039-60B096FE91B7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1D8B2E6C-E47F-4B20-9C5C-F0999CBA7A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1E1E502C-CAAC-405E-971F-D169AF1E847F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21D98E40-AA4B-45D1-B899-CB80C928CE3E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{38D952BC-AF71-430D-9FD3-3F453B51ACAA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4FFD8DC6-A2C4-4708-9423-61229DF5F02C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50C00EC0-5E52-4A50-AA0B-DDD7BAB9CA23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A089E9F-4DF6-4855-B632-29EB3418B1E1}" = lport=56295 | protocol=17 | dir=in | name=pando media booster | 
"{6592165D-3041-4A54-B305-D0EBBD932D2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B340117-C645-42FE-BD27-5CEE33FBD428}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E64B645-22B7-41DF-9DD1-F69FAF9E6C76}" = rport=139 | protocol=6 | dir=out | app=system | 
"{80290C4F-55B7-4620-A585-AA5CC91CE040}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{84A23465-77A1-4300-B027-0EEB8BBC3CF5}" = lport=56295 | protocol=17 | dir=in | name=pando media booster | 
"{9286C330-C53B-4280-B8DA-284386E7335F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{97622DF9-0761-4474-97A5-64D10422E479}" = lport=56295 | protocol=6 | dir=in | name=pando media booster | 
"{A61431DF-8D75-470B-B4E0-BC40C3AC2F4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AA54E879-6EE4-4405-99AF-B4DE42B1B123}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AFA8E610-DA27-49C4-84BF-F09AB115CD7E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B53E4509-1E81-4158-9C8E-4D407B2B1AB0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B84796DC-EE0C-4293-A3FD-6BA72CFF9BDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE216B02-BE74-463D-A577-01D042EA43A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE5AC180-060E-4850-A1C0-0FEF7E2F8DCF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BF83858A-C4B3-4B12-B5F3-9BB2CA9BDBAC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C21214D3-568B-4697-B721-BFCF19E01894}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C9833E44-5E38-401F-BA09-5704E9341709}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DA553877-F536-4684-88EB-E085205679B1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E4187078-1192-452A-ACC1-5DD396C889A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4E25C6E-7AE4-45EA-BFF0-39D6E8FACA8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E52548B3-B361-44EF-8F2F-CC5D87D25996}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F555653D-8E2B-4160-8066-8C5B9DDBDC5B}" = lport=56295 | protocol=6 | dir=in | name=pando media booster | 
"{F9BC5F8A-BD66-4814-859C-92EC7C8350C2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9E18D3D-C808-41B9-A914-2E32CF19ECF7}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104CF4F-634F-44FF-B551-78F99B546406}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{02569D7A-5626-484E-9F6C-DBDF3745388C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{0261138A-E398-46AA-8D08-110E54B2F6F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{0275753B-4B70-4A6E-8B8F-23FBFF596736}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{05134907-6F8C-4AE9-A14D-6CCBCEEBB139}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{06C5BC6A-2C24-4181-A09C-D7E8FB1678D0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{07C41F1F-E692-42C1-9FA4-DF319ECE0F20}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{091F23E4-C23B-48C6-9619-B8934C474D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"{097ECABD-83D7-4CA5-AB9A-D6F6FE8BACD4}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0EC8A1D7-DC26-4297-ACCC-09A5EAFC58CC}" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{1024CFC7-A713-4035-BC05-C01CD11A14B2}" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"{106B62AC-7BC4-4340-A2E4-9F5D6853844F}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{15A92AB0-F3AE-4A33-9D19-FF96DFA75790}" = protocol=17 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"{168583B0-9D05-4E1B-9DEC-20652BC54396}" = protocol=17 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"{17A2A586-0217-49EC-9DDA-ECFEA95D7521}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{1BBD0ED6-7EA9-4E6F-B621-25C8F8A21DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1BF2D7C1-40B5-4E67-A330-230D13151576}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1DEBE5D3-A280-4FDB-86B1-7461E3C3F9AF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{20BB5042-958C-4949-99D8-22C17468DCB9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{21EE659C-0661-4447-93AA-8C28A2943403}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{22FB13D5-A160-4FA4-B651-2CB2D985A736}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{242DDD41-BBF2-471B-9D09-B31335A3BA7D}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{24E1454B-E970-496D-B249-8F9AD778FEDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2770A4D3-6C65-464B-B4BD-8D7457417F7D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{29B397D6-4003-4B1A-8B17-C3FE30AB2E2E}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{29D518F3-8BA4-49D4-82E9-D0F44B4F2352}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2B544DAA-46A0-48AC-96D5-94CDD8B1022B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{2B927ADD-68F3-426B-A51A-39568EA40318}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{2E1F86A8-0BD9-420C-9A59-44E00A2CE99B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E673550-4128-424A-8EAC-B459BCF34748}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{2EA3CB4B-F0F1-4695-8FCD-3F83AD76BE22}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\launcher.patch.exe | 
"{306648E3-5E20-4109-AAEF-A954E79542AA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{318E00C1-C9FE-473D-8061-0EBAAA3360B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{320DB64D-2562-4932-A28D-E8D10CCC34E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{32408159-92AD-472E-AEDC-974C2FE1F8C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{33149C40-5616-409F-B161-48B51F0C6B4C}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{33203BE1-6EEA-4967-BBCC-9122B8C76219}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{353FBAE6-88A4-48FB-8780-8A8EA3D015DA}" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"{3BB86562-9CA9-4F65-9176-2A69C3D1D4B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C3353C7-AE3D-4F1C-8626-AE23B6F82897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D684743-B4C2-40F8-B5B6-42E47598AD27}" = protocol=17 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"{40699997-FD47-49AC-B43C-160DAC68568E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{42A60764-546E-410C-9FFF-FFEFACE78B8D}" = protocol=6 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"{44148D9D-62FB-4D5A-9E1B-14149E06F4A9}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{446B8C12-1FD6-43F4-92DD-73D95CC2F35B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{453A0CEE-AF28-48FB-AB21-33AB30F56156}" = protocol=17 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"{474A1201-CEF5-46AB-90FF-2BC421B24726}" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"{498F224F-5EFD-4523-A4D1-459A3C707931}" = protocol=17 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"{5301EB8C-389E-46B5-8A82-2FC632088AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{543D3772-FCAA-44AE-9D68-C64B1D30AFF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5568F62C-9254-4FD8-A2D9-D7B0CA9BB0F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{58147284-649A-4856-9517-F6BB3B38F3AE}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{58AD5B7E-C186-44DD-A8A8-60F2A2503EBD}" = protocol=6 | dir=in | app=g:\spiele\dragon age\daoriginslauncher.exe | 
"{5C40D7FC-E875-4914-A4C6-5402D4ABF741}" = protocol=6 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"{5D5E0A64-756B-41D5-ABFA-1E36320C33DC}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{5D6A9DC7-C17B-4969-B380-C5652394B9AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{5E398A89-B92F-45E8-AB7A-E25C410E6440}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{63DA849E-112F-47FB-B7D0-AF78D6EC8742}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{655B1082-8E32-44E5-8B55-514D84C9E105}" = protocol=17 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{65FD817B-0AFD-40C8-A3F7-22C0362A9E3D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{67EDA2DB-EC83-49D4-B15B-FCAB592F9ABD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A88F3D3-AE02-44FA-9489-EFCEF66A7A53}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{6BBE4C0A-850F-4866-95B2-624AA8C12B68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6FEB6C07-E923-410D-882D-C1CC509408F9}" = protocol=6 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"{70910855-9A5C-4439-90E8-A6E283F36366}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{7507CC90-2751-4770-89D4-F41A82B544D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75E649F2-F968-4275-B5DA-9D284FE64235}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{768DA5D6-378D-4D1A-B464-CF4D77AB87C6}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"{78E79913-753C-46E3-8155-669CC0E731A5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{79443084-ADB3-4C8F-86B2-399F898D9360}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A22D288-F722-4780-936F-B1DB2AA195A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7D5FE493-1A86-4A4A-B686-19F0825C086F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81923FD3-691F-46AE-96FE-0A0C0F926585}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\launcher.exe | 
"{834C366E-5ACD-4C80-9472-4E382B1FC335}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{84F0C925-5ACA-4CB7-97E7-3FC146DB052E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{87DE59AF-905C-4F09-B813-49DAF06F3686}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{955E6C57-6AE8-4A7E-A627-1CEFFD53586E}" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{95D2BD0E-70E3-476C-831A-CEA523F99912}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{9873E61D-BF91-4398-B79B-9D3CCE4D6455}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{999142A6-3E08-4C15-A4FC-E03FD5073EB3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9B8188AE-80C0-4397-AB7C-12340A469581}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9E378F41-88AD-48E0-8CB7-356B3136C5CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A35635C3-DA78-4919-88C4-3ACEE0745B52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3D4BD62-2E32-47B5-86A2-49F61BA976D6}" = protocol=17 | dir=in | app=g:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{A57DEB50-99D7-4983-A1AD-2965AC1981BC}" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"{AA5AF31E-94C8-489F-BAB8-99ED416159E3}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{ACAAA1B8-D72D-4BC0-8F4D-45AA2FC3AAA4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | 
"{ADA2FC9D-6567-4BCF-A1CD-DB23248D8A68}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF2866D3-7E62-4AAE-8A5A-AD755756D7D0}" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"{AF8E68BF-31D7-465D-9F7B-D518BCDE69BF}" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"{B0089A06-0FC7-483E-9D25-80B57B058BB1}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{B0D94B9E-D1A3-49A7-B26D-BE2BC70F19B9}" = protocol=17 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"{B1161120-3BE0-4D85-8F97-924FD774C5B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{B863FB8C-0F1D-431B-A5A3-CFF45C5E8503}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{BDD23699-0B08-4B0F-B39F-E194882487E2}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"{BF091B5F-6490-4456-93A7-3B559734908A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C381B82A-DB89-423A-A67A-97D26D76BF1C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C3CF2161-574B-4CBA-AF9E-586E0DBE8DFA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutlauncher.exe | 
"{C497D22C-81C0-49C2-9789-AC379F0BD9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"{C507394B-C162-4070-9819-1179B478AA07}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\launcher.patch.exe | 
"{CB7693A6-30D8-473A-970D-C8FEFD2005FE}" = dir=in | app=c:\program files (x86)\tobias erichsen\rtpmidi\rtpmidisvc.exe | 
"{CD78B4B0-DCB4-4A8A-BFF2-94D4DA49F23E}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{CFAA9A35-7043-4F8C-94B6-22F6B49D7702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D02706E6-E35B-4891-B8C2-561A41F630E0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | 
"{D06F223F-F6D6-4E41-9A42-5E58F627B320}" = protocol=6 | dir=out | app=system | 
"{D10AE5FD-6ECD-4792-844C-E55FCCD337F8}" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"{D36FCFE7-850D-4B66-9E04-7AC54CE175FD}" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"{D48AC1DA-2F03-485A-B780-3CB0C9CA2FFB}" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\launcher.exe | 
"{D55D1871-FFAE-412A-9D3F-5762B46C6A36}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D8314EED-0397-4E0C-84AE-B149614AF476}" = protocol=6 | dir=in | app=g:\spiele\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{D8BB7AAB-5702-471C-B6C4-2ED7520E49B2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{D9ED6927-111B-49A5-865A-2B60E7CC84D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA427389-67D6-44A9-A0BD-E3C0368FEA39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{DBD25050-D9C6-4D0D-B8E6-BF50FFBD5184}" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"{DCDA2C48-A78B-44FB-B090-4A0E2DA34E16}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | 
"{DDCAB741-9371-4942-A3D7-1008AB22825F}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"{DDF5EE21-B10F-4885-AA93-E17FE39102A1}" = protocol=6 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"{DE0F355B-D24E-461C-81E4-81A42A65F0A3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{E0294EDA-5A06-4CFC-A29D-8BBABC0AC7B3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E3B4F17C-ECEA-44B1-87F8-C2CDCC838B68}" = protocol=17 | dir=in | app=g:\spiele\dragon age\daoriginslauncher.exe | 
"{E506CCAE-4AE7-4770-B370-3436741A1461}" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"{EB28C41E-368B-4AA1-8499-F71B76DC2C3B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{EE7A7C91-BDF0-481B-88A8-771046B94DC4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{F1A249DF-9714-4EA3-A028-5835F328E816}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2D9217B-7321-4D84-921F-05EDDE7159F7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{F5198846-ADF9-43EF-8B5E-582F738D091C}" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"{F5AD0FC0-073D-4671-9D2E-66CA5660133D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F8C781A7-4F3D-43C3-B163-9CFEFD0D00EE}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | 
"{FD2D3748-F8C5-4B23-8D27-11DE63BD245E}" = protocol=6 | dir=in | app=c:\users\andi\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FD560388-EDD5-4889-8C67-3096F2296A40}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout(tm) paradise the ultimate box\burnoutparadise.exe | 
"{FDA77B1F-7B60-47F3-921C-E3F85AA5A9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"{FDB5F3A8-7095-40D8-98CC-F301C194A3D2}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"{FE04700A-DDA2-480D-9408-31C0439E978F}" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"{FE601A38-B25B-4071-ABC2-F7BF6E74AD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FF8DE50F-3B04-4AC5-94F3-3028D9EBEF25}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{0A6B471D-CA89-4571-AA0A-CD1277C906A4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{1053968D-1850-44F7-B6AE-AF4B803C9ADD}G:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{192F0673-C4C1-4B4E-B3F6-CF8A257064C7}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | 
"TCP Query User{1AACCDF7-B271-4797-A25D-C54F25CDFECD}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | 
"TCP Query User{1CF4208A-F19D-45ED-A807-880E718A2A1F}G:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{2FD19F1F-EC23-4BB7-8E0A-B86B8CDC6F37}G:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{3D1288EF-3BA7-49AE-AED1-5F8EF2C8B28A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3E3F71FB-3849-4317-8681-8D590CBDC355}C:\program files (x86)\titanium studio\titaniumstudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"TCP Query User{3E8340A3-0D3F-4D98-ACE8-FF728E55F10B}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{3F8B992C-409B-4DC3-B296-4AF3EF2E8258}G:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{4156993C-B349-42EE-AB7A-9F7A04AF051C}C:\program files (x86)\browser\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\firefox.exe | 
"TCP Query User{43D4D33F-6635-4B19-9C79-063E34DA52A6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{451663A4-5C73-4AD2-9187-25F13A0F8455}C:\program files (x86)\resolume arena 4.0.1\arena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"TCP Query User{46266D2B-93C8-4E4B-AD15-CA6DB1AC3B01}C:\program files\autodesk\maya2012\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"TCP Query User{570291F4-02E7-400F-90CF-B21BD771F624}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"TCP Query User{67CF12DB-BC0D-4AE0-BBED-BA5486488E4B}C:\program files (x86)\supercollider\supercollider.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"TCP Query User{68854F91-657C-4D58-9C41-C4A813B83BEE}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{6B61D72C-CC47-4FD6-8C4D-FB72582506D7}G:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{7F892D91-253D-44B6-8434-330A9A1489F8}C:\program files (x86)\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steinberg\cubase 5\cubase5.exe | 
"TCP Query User{808D57F8-5728-4390-B795-4C0A73E10825}G:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{85571439-433A-43EA-B5A9-61FAEBD00A9C}C:\users\andi\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{87C8C450-16B5-41B9-B945-EAC69D22B6D5}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe | 
"TCP Query User{8A8ABD29-4890-4FAC-8101-0882347899A2}G:\spiele\s2g\s25client.exe" = protocol=6 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"TCP Query User{8C2ECF2C-02D3-4F31-B710-F1053D1C1B5A}G:\programme\pd\bin\pd.exe" = protocol=6 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"TCP Query User{8D8C7FF8-A0CE-46C2-899A-80764B90FA6B}C:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"TCP Query User{8EA3E7D1-EB69-4831-89A4-11FC0FBE4D57}G:\spiele\lotro\lotroclient.exe" = protocol=6 | dir=in | app=g:\spiele\lotro\lotroclient.exe | 
"TCP Query User{968E1D23-ED12-458B-866D-5F07B55664DD}C:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe" = protocol=6 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"TCP Query User{982FF87E-52E0-461D-A714-82B78658DD7E}G:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{A0FF5AA6-F45A-4E38-91E4-94736244F898}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"TCP Query User{A477D3EF-C82A-4AEC-9EB2-1B0F4AC17C1C}G:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{A5379AD3-3EF0-4A5A-892F-ACF297137EF9}G:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{AF25638B-BFCF-406F-8F60-FFEA94BF5CCB}G:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe | 
"TCP Query User{B2E9525D-A8E8-4851-9155-CDEF58B07523}C:\program files (x86)\mediacoder\mediacoder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediacoder\mediacoder.exe | 
"TCP Query User{B4C3AC87-95A6-40E5-A1BC-2E8B213D920B}G:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe | 
"TCP Query User{BB964709-B58E-4354-B48D-F30BD6CDAAD7}C:\users\andi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\andi\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{C9B0EAF5-5B73-4069-921B-0F5FA5BE2D36}G:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{D39C2A1C-A0BC-4BFC-B19B-D6D63D93E2B4}G:\spiele\wow 3.3\blizzard downloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\blizzard downloader.exe | 
"TCP Query User{D55910BD-7625-495C-9773-B6B195F6DB98}C:\program files (x86)\llcon\llcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"TCP Query User{E118D66C-0AB3-4057-B820-545C9A06CD79}C:\program files (x86)\browser\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\plugin-container.exe | 
"TCP Query User{E47FCD71-9223-4430-920B-AB44DA3688D2}C:\program files (x86)\supercollider\scsynth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"TCP Query User{EF34D796-DCBD-49BC-B66A-EE090C942778}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"TCP Query User{F2B2F985-C67D-450F-B525-4080CEE9F241}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe" = protocol=6 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe | 
"TCP Query User{F31FE3B8-E641-49C0-A823-4464B3470DD0}G:\spiele\wow 3.3\backgrounddownloader.exe" = protocol=6 | dir=in | app=g:\spiele\wow 3.3\backgrounddownloader.exe | 
"TCP Query User{F41C7209-4D8B-41BD-B9A1-DF288BBFC80B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{FB11C145-470A-4BE1-A96F-DB93EB455DAD}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{013AF885-B279-48B1-8C26-9D501B47A08A}C:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\plugins\com.appcelerator.titanium.python.win32_1.0.0.1312318466\python\python.exe | 
"UDP Query User{06654836-D8F8-4850-BD52-0F02534A7D05}G:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\apache2\bin\httpd-wpp.exe | 
"UDP Query User{070FC759-1778-49B7-8E4A-F4D14879BBBC}G:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"UDP Query User{1431537B-DA4A-46DA-B318-A0B02AE6121E}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{155BC496-EA88-4B52-B345-0904753C2D6E}G:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0\bin\mysql\bin\mysqld-nt.exe | 
"UDP Query User{2344C94C-DF58-4188-A9FD-A4026A825FDD}C:\users\andi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\andi\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{3699BF9A-2EED-4A02-B0BA-CFAFD90D71AC}G:\spiele\lotro\lotroclient.exe" = protocol=17 | dir=in | app=g:\spiele\lotro\lotroclient.exe | 
"UDP Query User{384462A1-79DB-4B6E-8304-6926090367C9}G:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{45990B92-AD3B-447A-B89F-56ADAC9DC9B2}C:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ejamming\ejammingaudiio\ejammingaudiio.exe | 
"UDP Query User{4872CFFB-B5BE-4F98-85F6-BE5CAF03CE8C}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{53FA5F3C-A357-401B-9DC0-8FB199E6DFFE}C:\program files (x86)\browser\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\plugin-container.exe | 
"UDP Query User{59251942-1738-4269-A0D1-260CFAB6485C}G:\spiele\s2g\s25client.exe" = protocol=17 | dir=in | app=g:\spiele\s2g\s25client.exe | 
"UDP Query User{59A385FC-BC17-457E-8720-B095A18DDBD3}C:\program files (x86)\supercollider\scsynth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\scsynth.exe | 
"UDP Query User{63937EB9-38E7-4709-86F0-C5CFB9756D34}C:\program files (x86)\browser\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\browser\mozilla firefox\firefox.exe | 
"UDP Query User{6B824D05-C1D9-4AF4-9D71-1EF3994DD895}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\components\vstbridgeapp.exe | 
"UDP Query User{6D29F3F4-C186-44B6-9376-8F06CE17F966}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"UDP Query User{6F3AACBC-7EEA-4ADA-8784-E22125827108}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{79E2917A-FABE-4D32-938B-D630459E65A5}C:\program files (x86)\supercollider\supercollider.exe" = protocol=17 | dir=in | app=c:\program files (x86)\supercollider\supercollider.exe | 
"UDP Query User{853A1501-5322-4A7A-B80A-81C0F1A79773}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\apache2\bin\httpd-wpp.exe | 
"UDP Query User{85DC5074-328F-43F9-9005-ADF347CB614E}C:\program files (x86)\resolume arena 4.0.1\arena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\resolume arena 4.0.1\arena.exe | 
"UDP Query User{9A3B9B49-2B10-4545-A370-83135010C783}C:\program files (x86)\llcon\llcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\llcon\llcon.exe | 
"UDP Query User{9A9375AF-F579-4BB6-B75C-7819B7881A9A}G:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{9CD544A6-D923-44C0-9E7A-5005E0F00983}C:\program files (x86)\novation\automap\automapserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\novation\automap\automapserver.exe | 
"UDP Query User{A3338740-8954-4FC8-AB67-19A2F85DF0C0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B59B08E0-E98C-4532-A91B-1F4A366E1ED2}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe | 
"UDP Query User{B94BA4C2-09C0-4A4C-955D-5D5B6911AA42}C:\program files\autodesk\maya2012\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2012\bin\maya.exe | 
"UDP Query User{BAACBAF5-F222-4CC3-B93E-0FA0A1FCB131}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BDF1D948-3CDA-41C2-B71F-459A3929ED87}C:\program files (x86)\mediacoder\mediacoder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediacoder\mediacoder.exe | 
"UDP Query User{C0BE6BF9-12F1-4A18-BE49-C5995F937BFE}G:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{CB905EBE-56D8-4D9B-956C-95DF39D5CADA}G:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=g:\focusnatura\wp-portable-3-0 - kopie (2)\bin\mysql\bin\mysqld-nt.exe | 
"UDP Query User{CC0BE077-C201-405A-A5A8-B7CBBA764EA9}G:\spiele\wow 3.3\blizzard downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\blizzard downloader.exe | 
"UDP Query User{CC363F5A-A986-4BBA-AB7E-CBD52704C71A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{CE212E79-6818-4702-93DA-F7CAFC491CB3}C:\program files (x86)\titanium studio\titaniumstudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\titanium studio\titaniumstudio.exe | 
"UDP Query User{D306600A-BF36-4B3B-A965-2F0745BFCFA9}G:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{D3EFC400-BFD0-49AB-835A-6D3AC45738FA}G:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=g:\spiele\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{D502ABA0-89FC-4AE6-BFA4-AC8D9896FB10}G:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{DD1DD994-3D6C-4E94-9A3B-A8BC8ED5EE1C}G:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{E28DBE2B-00B5-48F9-986D-485A43A6F1AC}G:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{E7849150-ACD1-47F7-A74F-D03FB15F0494}G:\programme\pd\bin\pd.exe" = protocol=17 | dir=in | app=g:\programme\pd\bin\pd.exe | 
"UDP Query User{EC1A4C86-84B0-4538-9663-36CDABCD5587}G:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{F13ACA2C-1519-4F22-98D3-5B00C12C2EDD}C:\users\andi\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\andi\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{F2FF2D8C-90C4-4974-A7CB-D9151EEC81E5}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{F3B40540-80A2-4409-81FF-837216DC0670}C:\program files (x86)\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steinberg\cubase 5\cubase5.exe | 
"UDP Query User{F45B8F6E-EF71-43A2-B2DE-BC2F49AF5086}C:\program files\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=c:\program files\steinberg\cubase 5\cubase5.exe | 
"UDP Query User{F66458FD-8CC6-4036-A2B7-0A804C0CA516}G:\spiele\wow 3.3\backgrounddownloader.exe" = protocol=17 | dir=in | app=g:\spiele\wow 3.3\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E086923-AAA3-4F98-A6E2-48B64CE27553}" = Native Instruments Reaktor Factory Selection
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1DAF5307-E4E2-41F2-9903-863102C84A77}" = Native Instruments Skanner
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{2B7F5983-7076-4D6E-9207-D9D05722502F}" = Smart Technology Programming Software 7.0.2.7
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5962F0C0-4719-1E0F-BCBA-3C2AF06C239C}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6438691E-D44E-4A18-B6C4-D1EB26281D6A}" = Native Instruments Mikro Prism
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69B583CE-463B-4B61-AEF6-C0166045A9EA}" = Blue Cat's Gain Suite VST-x64 3.01
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8A9065DA-0293-41DA-A349-16E1A2605F64}" = Steinberg Cubase 5 64bit
"{8BE6BF06-8557-11DF-8EEF-13B3DFD72085}_is1" = Zen 1.6.6
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9BA2F491-A10D-4266-905B-61C549B35D97}_is1" = 4U Goniometer & Korrelator Version 1.0.2
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC07B5F9-BF11-4221-9E85-87A6F33BCBB3}" = Steinberg VST Classics 2 64bit
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B307C60F-2DF4-8AA9-4215-6352F105F10B}" = ccc-utility64
"{B653153C-B4C7-45D0-B2EE-037A9F635FB0}" = Yamaha USB-MIDI Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1FB650C-FE43-84D6-942F-33767F4A90B8}" = AMD AVIVO64 Codecs
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DC045263-336D-4915-9170-E9A9AE1F2ADB}_is1" = 4U Meter, Fader & MS-Pan Version 1.0.2
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"48DA9D7CD0A60ABE8FAF9B0BD6C99935B024BEA7" = Windows-Treiberpaket - LOUD Technologies Inc. (MackieAudio) MEDIA  (12/15/2009 1.7.0.1)
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 1.0.0.31 
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.3
"REAPER" = REAPER (x64)
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Sibelius 7.0.0.23_is1" = Sibelius 7.0.0.23
"SP6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB_AUDIO_DEusb-audio.deTTATMIDI" = MIDI USB driver
"Vienna Instruments_is1" = Vienna Instruments 4.1
"WhoCrashed_is1" = WhoCrashed 2.10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0191D1AE-DB97-A3CB-9E50-61AC6D829760}" = CCC Help Spanish
"{02EBDD2F-58B6-D059-9889-1DA39B4E4BA6}" = CCC Help Swedish
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}" = Adobe Creative Suite 6 Production Premium
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0489621E-DE2A-11E0-93EA-F04DA23A5C58}" = DVD Architect Studio 5.0
"{053C7D32-3566-452B-9A37-D42B4F4C5379}" = WaveAgent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{106F9A11-6D38-4FDF-9A0A-BD6461C459F8}_is1" = TrainYourEars EQ Edition version 1.0
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1D111953-3C70-48E3-BB62-B669C724585C}" = Steinberg CC121 Extension 64bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216A560D-EE1D-553F-A512-FB3E48C066AB}" = CCC Help Dutch
"{237AE7F6-5BE0-06C0-1C5D-3F15B17836E6}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2C60BF08-3604-95BE-4E2C-2B253A1FF05F}" = CCC Help Russian
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A32F81-9779-8091-2AC6-251A99797F83}" = CCC Help Portuguese
"{36C0C3FC-6B7E-467A-81DB-6E4532B44374}" = Catalyst Control Center - Branding
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{405ACF62-2C40-956B-ED88-9BDBB8E7E6AB}" = CCC Help Japanese
"{42EB63A2-8D42-F70C-B7F7-A821CF4C4CBA}" = Catalyst Control Center Core Implementation
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5755EBD2-BCB8-8C9F-B5F6-F8C7E3F4D772}" = CCC Help Greek
"{599D5FDA-304B-B6F9-7109-D14D98D0AEF8}" = CCC Help Finnish
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 2
"{6632608D-DE22-000A-AF96-A3426B2F1AC5}" = Catalyst Control Center Localization All
"{68544F92-4A85-48F2-9997-40E02EFB2305}" = eJammingAUDiiO
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6B4BE918-CA10-4CB4-AA34-295379CA4E5A}" = VSTPlayer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7242AD09-AE6B-7B45-DE28-69CFD54B6AC6}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D766DC-C79D-11DD-9A42-A17956D89593}" = SuperCollider
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B10D7BF-02B7-F510-EA11-92733B1AA947}" = CCC Help Norwegian
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81BBE880-5409-11E1-BF7F-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8CA1C3B5-BEF7-CA11-5465-264361B86A9C}" = ccc-core-static
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r5
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93249DC5-F4BC-4AF7-B4BF-E52927302B5E}" = AKME FFmpeg 0.7.9
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B7602DF-4A71-77E3-B714-834D3B377981}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D217983-0D17-6DF9-6004-BE7370F4CAF7}" = Catalyst Control Center Graphics Previews Vista
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.6
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC6199F7-4411-09B7-2E14-8A8829ABEA46}" = Catalyst Control Center Graphics Full Existing
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BFB51B96-BBED-3BCD-2910-FCF8E692FA2D}" = CCC Help Hungarian
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{C2F545C0-6FE6-E4D4-2B08-F48200467799}" = CCC Help Chinese Standard
"{C5B5A5FE-875C-0C7A-0AF6-B5096176F4DE}" = CCC Help Thai
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8327D1-8F9E-E9C8-C42A-33F45DF06FD3}" = CCC Help Polish
"{CC89DAB5-10F6-9C2D-AA56-0AA5213BA000}" = CCC Help Italian
"{CD2FE3BE-784C-0967-A63A-C4C5E1EA04A3}" = CCC Help Korean
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2019967-5858-364E-6269-F85FD2C9D16E}" = CCC Help Turkish
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5242CDB-8BD8-61EB-3CA3-DB87C4B4F2B3}" = Catalyst Control Center Graphics Previews Common
"{D73D0110-3C7C-BF4F-0904-6779B327C343}" = CCC Help Czech
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"{E00AD25B-8D96-BE0A-BC90-318098FE0684}" = CCC Help French
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4480875-3E39-B8F5-4AEC-F19F2BF6AE0D}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7463B84-E3FB-5659-D75E-BB0A311E4871}" = CCC Help Danish
"{EBAEEE00-5412-11E1-B144-001676AB6D60}" = MSVCRT Redists
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEB52713-AEED-2462-CDD4-AE42CCB3AD23}" = CCC Help German
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F88116EE-FFA7-D0C9-553C-AF5C5684A966}" = Catalyst Control Center Graphics Full New
"{FBE64702-E893-4D55-BA5C-514AAF11CCC4}" = Sibelius 7 OpenType Fonts
"{FD937297-84C3-41A5-B5DF-1FAEEE669D68}" = rtpMIDI
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6140-2535-4985-4395" = Impro-Visor 5.08
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"AudioMulch Interactive Music Studio_is1" = AudioMulch Interactive Music Studio 2.1.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BloXpander Demo" = BloXpander Demo 1.3.0
"Camel Audio Alchemy64" = Camel Audio Alchemy64
"Cantabile 2.0 Lite" = Cantabile 2.0 Lite
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"DarkWave Studio" = DarkWave Studio 3.3.2
"Death Rally" = Death Rally for Windows
"Diablo III" = Diablo III
"DVD Flick_is1" = DVD Flick 1.3.0.7
"eLicenser Control" = eLicenser Control
"FBackup 4_is1" = FBackup 4
"FileZilla Client" = FileZilla Client 3.5.0
"Filtrate LE" = Filtrate LE 1.004
"FLAC" = FLAC 1.2.1b (remove only)
"FMOD Designer" = FMOD Designer
"FMOD Sandbox" = FMOD Sandbox (remove only)
"FreeFileSync" = FreeFileSync 5.6
"GNU Solfege_is1" = GNU Solfege 3.20.6.1
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Heroes of Might and Magic II Gold" = Heroes II Gold
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}" = WaveAgent
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}" = iLok Client Helper
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iZotope Nectar_is1" = iZotope Nectar
"LenMus" = lenmus v4.2.2
"Live 8.0.9" = Live 8.0.9
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaCoder" = MediaCoder 2011
"MeldaProduction Free VST Effects" = MeldaProduction Free VST Effects
"MeldaProduction MFreeEffectsBundle64 6" = MeldaProduction MFreeEffectsBundle64 6
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Mikro Prism" = Native Instruments Mikro Prism
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Factory Selection" = Native Instruments Reaktor Factory Selection
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Skanner" = Native Instruments Skanner
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"Pencil" = Pencil
"PriMus Free_is1" = PriMus Free 1.1 (Build 10152)
"PSP PianoVerb 1.7.1 64bit" = PSP PianoVerb 1.7.1 64bit
"PunkBusterSvc" = PunkBuster Services
"Raidcall" = Raidcall
"ReaPlugs" = ReaPlugs
"Registry Repair" = Registry Repair 4.1.0.388
"Resolume Arena 4.0.1_is1" = Resolume Arena 4.0.1
"Reverberate LE" = Reverberate LE 1.007
"RSSOwl" = RSSOwl
"Saitek Dual Analog Rumble Pad" = Saitek Dual Analog Rumble Pad
"Screen Capturer Recorder_is1" = Screen Capturer Recorder uninstall
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"shortcircuit" = shortcircuit
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Steam App 28050" = Deus Ex: Human Revolution
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Titanium Studio" = Titanium Studio
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unity" = Unity
"uTorrent" = µTorrent
"virtual audio capture grabber device_is1" = virtual audio capture grabber device uninstall
"VLC media player" = VLC media player 1.1.5
"Wild Tangent - Fate" = Wild Tangent - Fate
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"World of Warcraft" = World of Warcraft
"YAMB" = YAMB
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3536413052-1497961762-845648814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Flux" = F.lux
"Free Alpha 3" = Free Alpha 3
"Google Chrome" = Google Chrome
"Torpedo PI-FREE" = Torpedo PI-FREE 1.0.12
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.10.2012 02:03:48 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.10.2012 02:54:43 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\wlc.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 02:54:49 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\GTRSolo 3.5.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 02:54:49 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\GTR 3.5.exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 05:00:08 | Computer Name = LimatuII | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Waves\Applications\wlc.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"
 in Zeile  8.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition:
 WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Verwenden
 Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.10.2012 06:27:04 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Bridge.exe, Version: 5.0.1.21, Zeitstempel:
 0x50226378  Name des fehlerhaften Moduls: atio6axx.dll, Version: 6.14.10.9551, Zeitstempel:
 0x4b68f993  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000001c53  ID des fehlerhaften
 Prozesses: 0x1ba0  Startzeit der fehlerhaften Anwendung: 0x01cd9fbef4597570  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\atio6axx.dll  Berichtskennung: 8a9ecd92-0bb2-11e2-a9f3-b8ac6f480875
 
Error - 01.10.2012 12:01:51 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Cubase5.exe, Version: 5.5.0.602, 
Zeitstempel: 0x4c061a50  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace4e7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001e401
ID
 des fehlerhaften Prozesses: 0x1f6c  Startzeit der fehlerhaften Anwendung: 0x01cd9fede951db61
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Steinberg\Cubase 5\Cubase5.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll
Berichtskennung:
 4f6acce1-0be1-11e2-a9f3-b8ac6f480875
 
Error - 01.10.2012 15:18:28 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2012 03:17:08 | Computer Name = LimatuII | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2012\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.10.2012 04:11:01 | Computer Name = LimatuII | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AfterFX.exe, Version: 11.0.1.12, 
Zeitstempel: 0x4fab6f50  Name des fehlerhaften Moduls: AfterFXLib.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4fab92e1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000004ad0a7
ID
 des fehlerhaften Prozesses: 0xe74  Startzeit der fehlerhaften Anwendung: 0x01cda07163861b7c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe After Effects CS6\Support
 Files\AfterFX.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Adobe\Adobe After
 Effects CS6\Support Files\AfterFXLib.dll  Berichtskennung: b3f4d39e-0c68-11e2-9401-b8ac6f480875
 
[ System Events ]
Error - 23.10.2012 11:13:58 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  VBoxDrv  VBoxUSBMon
Wanarpv6
WfpLwf
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = DCOM | ID = 10005
Description = 
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 23.10.2012 11:24:05 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 25.10.2012 11:20:53 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.10.2012 11:25:46 | Computer Name = LimatuII | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.10.2012 11:27:26 | Computer Name = LimatuII | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.10.2012 12:34:45 | Computer Name = LimatuII | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 26.10.2012 15:38:29 | Computer Name = LimatuII | Source = LSI_SAS | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
 
Error - 26.10.2012 15:38:49 | Computer Name = LimatuII | Source = LSI_SAS | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
 
 
< End of report >
         
Thanks and best regards,
Limatu
