Trojaner-Board

CptMw 25.09.2015 22:52

Win 8.1: Caught a trojan

Hello,

I stupidly caught something and would be grateful for help with removing it.

I ran an .exe, stupidly with admin rights.

According to my research, it is this cute little rascal: hxxp://www.virusradar.com/en/MSIL_Kryptik.DNN/description

https://www.virustotal.com/en/file/673cf41507f5809b25aeb30fccbcc4d85fe7d9d48e971080b5a2fb4df2fe954e/analysis/

https://malwr.com/analysis/OTQyYzViZGNiMjg5NDBjZTkyMTdiOWYzZTZhODY5MTI/

The thing copied itself to AppData and created an autorun entry (via Task Scheduler), which I removed by hand.

Afterwards, MBAM also deleted the binary and 2 registry entries.

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.09.2015
Scan Time: 22:44
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.25.05
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: mongole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371471
Time Elapsed: 6 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\mongole\AppData\Roaming\chrome.exe, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Physical Sectors: 0
(No malicious items detected)


(end)

Here are the log files.

Defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:21 on 25/09/2015 (mongole)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST64

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by mongole (administrator) on MONGOMACHINE-8 (25-09-2015 23:40:42)
Running from B:\TEMP\mozOpenDownload
Loaded Profiles: mongole (Available Profiles: mongole)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() M:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
() M:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Greenshot) M:\Program Files\Greenshot\Greenshot.exe
(RaMMicHaeL) M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(alch) M:\Program Files (x86)\ClamWin\bin\ClamTray.exe
() M:\Program Files (x86)\ownCloud\owncloud.exe
() M:\Program Files\Ditto\Ditto.exe
(Andrea Russo - Italy) C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GlassWire.exe
(VirtuaWin) C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
() C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TrueCrypt Foundation) M:\Program Files\TrueCrypt\TrueCrypt.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(The Pidgin developer community) M:\Program Files (x86)\Pidgin\pidgin.exe
() M:\Program Files\HexChat\hexchat.exe
() M:\Program Files (x86)\qBittorrent\qbittorrent.exe
() M:\Program Files (x86)\Spaz\Spaz.exe
() M:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Valve Corporation) M:\Games\Steam\Steam.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Sysinternals - www.sysinternals.com) M:\Programme\SysinternalsSuite\Autoruns.exe
(ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu64.exe
(ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu\ConEmuC64.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Moonchild Productions) C:\Program Files\FossaMail\FossaMail.exe
() C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe
() B:\Downloads\Defogger.exe
(Malwarebytes Corporation) M:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() M:\Program Files (x86)\ClamWin\bin\clamscan.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe"
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29]
ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19]
ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23]
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk *
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25]
StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
R2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 MBAMService; m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
U0 xtcx; C:\Windows\System32\drivers\elqmjfvr.sys [79064 2015-09-25] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 kglcypob; \??\B:\TEMP\kglcypob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 23:38 - 2015-09-25 23:40 - 00000000 ____D C:\FRST
2015-09-25 23:21 - 2015-09-25 23:21 - 00000000 _____ C:\Users\mongole\defogger_reenable
2015-09-25 22:51 - 2015-09-25 22:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\elqmjfvr.sys
2015-09-25 22:38 - 2015-09-25 22:50 - 00000000 ____D C:\Windows\System32\Tasks\Update
2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk
2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480
2015-09-25 17:11 - 2015-09-25 17:11 - 00000021 _____ C:\Windows\S.dirmngr
2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ!
2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk
2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll
2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll
2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box
2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log
2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\XnView
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\pdfforge
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Program Files\IrfanView
2015-09-11 00:21 - 2015-09-25 17:11 - 00002070 _____ C:\Windows\setupact.log
2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log
2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start
2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop
2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking
2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk
2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression
2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys
2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys
2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-29 13:19 - 2015-08-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-08-29 12:55 - 2015-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guacamelee! Super Turbo Championship Edition [GOG.com]
2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Sun
2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\.oracle_jre_usage
2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\Program Files\Classic Shell

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee
2015-09-25 23:40 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple
2015-09-25 23:39 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto
2015-09-25 23:37 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job
2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx
2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger
2015-09-25 23:22 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 23:21 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole
2015-09-25 22:54 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001
2015-09-25 22:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu
2015-09-25 22:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-25 19:47 - 2014-09-21 21:27 - 01816717 _____ C:\Windows\WindowsUpdate.log
2015-09-25 19:41 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-25 17:37 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent
2015-09-25 17:17 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat
2015-09-25 17:17 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat
2015-09-25 17:17 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-25 17:14 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat
2015-09-25 17:13 - 2014-09-26 00:20 - 00006469 _____ C:\Windows\SysWOW64\Gms.log
2015-09-25 17:12 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox
2015-09-25 17:12 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-25 17:11 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-25 16:54 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass
2015-09-25 16:39 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk
2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-25 02:58 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini
2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000
2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc
2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-09-24 20:29 - 2014-03-18 11:51 - 00083868 _____ C:\Windows\PFRO.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-24 19:40 - 2014-10-30 11:15 - 00004208 __RSH C:\ProgramData\ntuser.pol
2015-09-24 13:12 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon
2015-09-24 04:37 - 2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job
2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp
2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI
2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA
2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core
2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-13 20:24 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg
2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst
2015-09-11 00:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2015-09-10 22:44 - 2014-10-02 21:44 - 00000912 __RSH C:\Users\mongole\ntuser.pol
2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk
2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail
2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games
2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox
2015-09-05 09:16 - 2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd
2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb
2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
2015-08-29 13:02 - 2015-01-16 03:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Azureus
2015-08-29 12:55 - 2014-09-24 01:29 - 00384876 _____ C:\Windows\DirectX.log
2015-08-29 12:24 - 2015-01-19 22:50 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-29 12:24 - 2015-01-19 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 12:24 - 2014-10-02 16:27 - 00000000 ____D C:\Program Files\Java
2015-08-26 18:37 - 2014-09-23 00:29 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:36 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd
2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag
2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu
2014-11-24 20:59 - 2015-09-02 20:45 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND
2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg
2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by mongole (2015-09-25 23:40:55)
Running from B:\TEMP\mozOpenDownload
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version:  - )
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Areca (HKLM-x32\...\Areca) (Version:  - )
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - )
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Battle vs. Chess (HKLM-x32\...\Battle vs. Chess_is1) (Version: 1.0 - Zuxxez Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit)
Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version:  - )
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BtProx (HKLM-x32\...\BtProx) (Version:  - Uri Kogan)
Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix)
Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version:  - Andrea Russo - Italy)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - Eyebrow Interactive)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix)
ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version:  - Hallenberg.com)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura)
DigiTweet (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version:  - )
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version:  - )
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
FileZilla Client 3.12.0.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project)
Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - )
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2518.0 - Google Inc.)
Gow (HKLM-x32\...\Gow) (Version:  - )
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - EKO Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - )
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi)
JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team)
My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version:  - Epic Games, Inc.)
Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version:  - )
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team)
NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH)
Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - )
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.)
PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT)
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN)
Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version:  - Yury Sidorov)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version:  - )
Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version:  - )
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
Ultratron (HKLM-x32\...\Steam App 219190) (Version:  - Puppygames)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix)
Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
Vim 7.4.711 (HKLM-x32\...\Vim) (Version:  - )
VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix)
VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB)


CptMw 25.09.2015 22:53

Code:

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2518.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 pre.footprintpredict.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 statsfe2.ws.microsoft.com

There are 14 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] ()
Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] ()
Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {FA5CB74E-0F3C-414F-BEB4-975BBF5C279C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-09-03 13:07 - 2014-09-03 13:07 - 00216576 _____ () m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-03-11 16:43 - 2015-03-11 16:43 - 00157344 _____ () C:\Program Files (x86)\EMET 5.2\HelperLib.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00018584 _____ () C:\Program Files (x86)\EMET 5.2\ReportingSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00052384 _____ () C:\Program Files (x86)\EMET 5.2\PKIPinningSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00035992 _____ () C:\Program Files (x86)\EMET 5.2\TrayIconSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00036504 _____ () C:\Program Files (x86)\EMET 5.2\TelemetrySubsystem.dll
2014-03-19 13:31 - 2014-03-19 13:31 - 00348160 _____ () C:\Program Files (x86)\EMET 5.2\DevExpress.UserSkins.HighContrast.dll
2015-07-25 19:54 - 2015-02-25 08:15 - 01739952 _____ () m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-09-01 16:41 - 2015-09-01 16:41 - 01748494 _____ () M:\Program Files (x86)\ownCloud\owncloud.exe
2015-07-25 20:06 - 2015-01-10 14:45 - 01975808 _____ () M:\Program Files\Ditto\Ditto.exe
2014-09-23 00:48 - 2012-10-09 23:32 - 00015360 _____ () C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 20:27 - 2015-09-01 20:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 20:27 - 2015-09-01 20:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL
2014-12-26 03:56 - 2014-11-25 20:09 - 00741888 _____ () M:\Program Files\HexChat\hexchat.exe
2014-12-26 03:56 - 2014-11-22 20:50 - 01394688 _____ () M:\Program Files\HexChat\cairo.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00076288 _____ () M:\Program Files\HexChat\zlib1.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00225280 _____ () M:\Program Files\HexChat\libpng16.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00682496 _____ () M:\Program Files\HexChat\fontconfig.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00028160 _____ () M:\Program Files\HexChat\iconv.dll
2014-12-26 03:56 - 2014-11-22 20:49 - 00613888 _____ () M:\Program Files\HexChat\pixman-1.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 01502720 _____ () M:\Program Files\HexChat\libxml2.dll
2014-12-26 03:56 - 2014-11-22 20:50 - 00783360 _____ () M:\Program Files\HexChat\harfbuzz.dll
2014-12-26 03:56 - 2014-11-22 20:51 - 00056832 _____ () M:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2014-12-26 03:56 - 2014-11-22 20:50 - 00287744 _____ () M:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2014-12-26 03:56 - 2014-11-25 20:09 - 00014848 _____ () M:\Program Files\HexChat\plugins\hcfishlim.dll
2014-12-26 03:56 - 2014-11-25 20:09 - 00011264 _____ () M:\Program Files\HexChat\plugins\hcupd.dll
2015-08-02 15:29 - 2015-08-02 15:29 - 14844416 _____ () M:\Program Files (x86)\qBittorrent\qbittorrent.exe
2014-11-08 05:43 - 2014-11-08 05:43 - 00142336 _____ () M:\Program Files (x86)\Spaz\Spaz.exe
2015-05-14 23:53 - 2015-05-14 23:53 - 00104960 _____ () m:\Program Files (x86)\SABnzbd\SABnzbd.exe
2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-22 21:36 - 2015-08-27 13:28 - 04089344 _____ () C:\Program Files\FossaMail\mozjs.dll
2014-09-22 21:36 - 2015-08-27 13:30 - 00219136 _____ () C:\Program Files\FossaMail\NSLDAP32V60.dll
2014-09-22 21:36 - 2015-08-27 13:30 - 00018944 _____ () C:\Program Files\FossaMail\NSLDAPPR32V60.dll
2013-09-30 12:45 - 2013-09-30 12:45 - 00172544 _____ () C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe
2015-09-25 23:19 - 2015-09-25 23:19 - 00050477 _____ () B:\Downloads\Defogger.exe
2015-07-08 22:56 - 2015-05-05 09:42 - 00098304 _____ () m:\Program Files (x86)\ClamWin\bin\clamscan.exe
2014-09-03 12:53 - 2014-09-03 12:53 - 00221184 _____ () m:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-09-03 12:41 - 2014-09-03 12:41 - 00050176 _____ () m:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-09-03 12:53 - 2014-09-03 12:53 - 00069632 _____ () m:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-09-03 12:56 - 2014-09-03 12:56 - 00742400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2014-09-03 12:48 - 2014-09-03 12:48 - 00038400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-07-30 08:09 - 2015-07-30 08:09 - 00246304 _____ () M:\Program Files (x86)\GlassWire\GeoIP.dll
2015-09-22 20:34 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-15 00:43 - 2005-02-08 18:23 - 00979005 _____ () M:\Program Files (x86)\ClamWin\bin\python23.dll
2014-12-15 00:43 - 2004-11-20 04:27 - 00069632 _____ () M:\Program Files (x86)\ClamWin\lib\win32api.pyd
2014-12-15 00:43 - 2004-10-11 21:21 - 00094208 _____ () M:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2014-12-15 00:43 - 2004-05-25 22:18 - 00057401 _____ () M:\Program Files (x86)\ClamWin\lib\_sre.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00086016 _____ () M:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32event.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00036864 _____ () M:\Program Files (x86)\ClamWin\lib\win32process.pyd
2014-12-15 00:43 - 2004-05-25 22:18 - 00049212 _____ () M:\Program Files (x86)\ClamWin\lib\_socket.pyd
2014-12-15 00:43 - 2004-05-25 22:18 - 00495616 _____ () M:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2014-12-15 00:43 - 2004-05-25 22:20 - 00036864 _____ () M:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2014-12-15 00:43 - 2004-10-11 21:22 - 00315392 _____ () M:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2014-12-15 00:43 - 2004-11-20 04:27 - 00106496 _____ () M:\Program Files (x86)\ClamWin\lib\shell.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00065536 _____ () M:\Program Files (x86)\ClamWin\lib\win32security.pyd
2014-12-15 00:43 - 2004-01-15 15:45 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00077824 _____ () M:\Program Files (x86)\ClamWin\lib\win32file.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2014-12-15 00:43 - 2003-10-01 14:40 - 02240512 _____ () M:\Program Files (x86)\ClamWin\lib\wxc.pyd
2014-12-15 00:43 - 2003-10-01 12:43 - 03239936 _____ () M:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2014-12-15 00:43 - 2003-08-10 10:14 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2014-12-15 00:43 - 2004-05-25 22:17 - 00622651 _____ () M:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2014-12-15 00:43 - 2004-05-25 22:19 - 00045117 _____ () M:\Program Files (x86)\ClamWin\lib\datetime.pyd
2015-09-01 16:41 - 2015-09-01 16:41 - 00670222 _____ () M:\Program Files (x86)\ownCloud\libocsync.dll
2015-09-01 16:41 - 2015-09-01 16:41 - 00971278 _____ () M:\Program Files (x86)\ownCloud\libowncloudsync.dll
2015-08-06 09:59 - 2015-08-06 09:59 - 00097326 _____ () M:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2015-08-06 09:59 - 2015-08-06 09:59 - 00922727 _____ () M:\Program Files (x86)\ownCloud\libstdc++-6.dll
2015-08-06 17:48 - 2015-08-06 17:48 - 00051095 _____ () M:\Program Files (x86)\ownCloud\libqt5keychain.dll
2015-08-06 09:10 - 2015-08-06 09:10 - 00085548 _____ () M:\Program Files (x86)\ownCloud\zlib1.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 02197765 _____ () M:\Program Files (x86)\ownCloud\icui18n53.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 01308778 _____ () M:\Program Files (x86)\ownCloud\icuuc53.dll
2015-08-06 09:11 - 2015-08-06 09:11 - 00148117 _____ () M:\Program Files (x86)\ownCloud\libpcre16-0.dll
2015-08-06 09:16 - 2015-08-06 09:16 - 01366986 _____ () M:\Program Files (x86)\ownCloud\libGLESv2.dll
2015-08-06 09:14 - 2015-08-06 09:14 - 00209711 _____ () M:\Program Files (x86)\ownCloud\libpng16-16.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 21539975 _____ () M:\Program Files (x86)\ownCloud\icudata53.dll
2015-08-06 09:16 - 2015-08-06 09:16 - 00154982 _____ () M:\Program Files (x86)\ownCloud\libEGL.dll
2015-08-06 09:14 - 2015-08-06 09:14 - 00350662 _____ () M:\Program Files (x86)\ownCloud\libjpeg-8.dll
2015-08-06 09:17 - 2015-08-06 09:17 - 00689339 _____ () M:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2015-08-06 11:35 - 2015-08-06 11:35 - 00247540 _____ () M:\Program Files (x86)\ownCloud\libwebp-4.dll
2015-08-06 09:26 - 2015-08-06 09:26 - 01169416 _____ () M:\Program Files (x86)\ownCloud\libxml2-2.dll
2015-08-06 11:38 - 2015-08-06 11:38 - 00231727 _____ () M:\Program Files (x86)\ownCloud\libxslt-1.dll
2015-09-25 17:12 - 2015-09-25 17:12 - 00071168 _____ () b:\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6hljue.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00036878 _____ () M:\Program Files (x86)\Pidgin\libssp-0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00671031 _____ () M:\Program Files (x86)\Pidgin\exchndl.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00904525 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00100352 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00279059 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00553382 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00216992 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 01274655 _____ () M:\Program Files (x86)\Pidgin\libxml2-2.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00177586 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00475580 _____ () M:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021075 _____ () M:\Program Files (x86)\Pidgin\plugins\.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00020997 _____ () M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00013253 _____ () M:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00024924 _____ () M:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015702 _____ () M:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00014147 _____ () M:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018882 _____ () M:\Program Files (x86)\Pidgin\plugins\history.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00012865 _____ () M:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00019043 _____ () M:\Program Files (x86)\Pidgin\plugins\idle.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018555 _____ () M:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015074 _____ () M:\Program Files (x86)\Pidgin\plugins\libaim.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00311021 _____ () M:\Program Files (x86)\Pidgin\liboscar.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00092398 _____ () M:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00328186 _____ () M:\Program Files (x86)\Pidgin\plugins\libgg.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00016005 _____ () M:\Program Files (x86)\Pidgin\plugins\libicq.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00107365 _____ () M:\Program Files (x86)\Pidgin\plugins\libirc.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00190464 _____ () M:\Program Files (x86)\Pidgin\libsasl.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00374169 _____ () M:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00150598 _____ () M:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00106671 _____ () M:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00123540 _____ () M:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00116071 _____ () M:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00152852 _____ () M:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00171123 _____ () M:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 02097721 _____ () M:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00818985 _____ () M:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00055880 _____ () M:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00486400 _____ () M:\Program Files (x86)\Pidgin\sqlite3.dll
2014-11-05 20:34 - 2014-11-05 20:34 - 00062090 _____ () M:\Program Files (x86)\Pidgin\plugins\libsteam-1.4.dll
2014-11-05 20:57 - 2014-11-05 20:57 - 00278906 _____ () M:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021337 _____ () M:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00417758 _____ () M:\Program Files (x86)\Pidgin\libjabber.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00022832 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00236666 _____ () M:\Program Files (x86)\Pidgin\libymsg.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00019793 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00047934 _____ () M:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021795 _____ () M:\Program Files (x86)\Pidgin\plugins\markerline.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00013456 _____ () M:\Program Files (x86)\Pidgin\plugins\newline.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029225 _____ () M:\Program Files (x86)\Pidgin\plugins\notify.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00017023 _____ () M:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2012-09-09 15:17 - 2012-09-09 15:17 - 00472576 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029256 _____ () M:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2011-01-12 22:11 - 2011-01-12 22:11 - 00084816 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin_gpg.dll
2014-09-03 13:29 - 2014-09-03 13:29 - 00249344 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpgme-11.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015380 _____ () M:\Program Files (x86)\Pidgin\plugins\psychic.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015429 _____ () M:\Program Files (x86)\Pidgin\plugins\relnot.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015045 _____ () M:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00069625 _____ () M:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00031993 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00012004 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015978 _____ () M:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00030353 _____ () M:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00032020 _____ () M:\Program Files (x86)\Pidgin\plugins\ticker.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018399 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00023851 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029791 _____ () M:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00030771 _____ () M:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00037191 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00044494 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102400 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00115712 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00140288 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00090496 _____ () M:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2015-09-25 19:59 - 2015-09-25 19:59 - 04887224 _____ () C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00053248 _____ () m:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00671744 _____ () m:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00294912 _____ () m:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00102400 _____ () m:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00118784 _____ () m:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00013824 _____ () m:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00036864 _____ () m:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00057344 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00007168 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00037888 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00086016 _____ () m:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00049152 _____ () m:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00546205 _____ () m:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00008192 _____ () m:\Program Files (x86)\SABnzbd\lib\select.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00009728 _____ () m:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00012288 _____ () m:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00135168 _____ () m:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00040960 _____ () m:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00110592 _____ () m:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00014848 _____ () m:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00024576 _____ () m:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00019968 _____ () m:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00155648 _____ () m:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00176128 _____ () m:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2015-09-25 22:29 - 2015-09-21 22:01 - 00778240 _____ () m:\games\Steam\SDL2.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 04962816 _____ () m:\games\Steam\v8.dll
2015-09-25 22:29 - 2015-09-25 01:36 - 02422464 _____ () m:\games\Steam\video.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 01556992 _____ () m:\games\Steam\icui18n.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 01187840 _____ () m:\games\Steam\icuuc.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 02549248 _____ () m:\games\Steam\libavcodec-56.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00491008 _____ () m:\games\Steam\libavformat-56.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00332800 _____ () m:\games\Steam\libavresample-2.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00442880 _____ () m:\games\Steam\libavutil-54.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00485888 _____ () m:\games\Steam\libswscale-3.dll
2015-09-25 22:29 - 2015-09-25 01:36 - 00704192 _____ () M:\Games\Steam\bin\chromehtml.DLL
2015-09-25 22:29 - 2015-09-14 22:20 - 00193536 _____ () m:\games\Steam\bin\openvr_api.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 44931464 _____ () M:\Games\Steam\bin\libcef.dll
2015-09-25 22:29 - 2015-09-25 01:56 - 00119208 _____ () m:\games\Steam\winh264.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{93A9D61A-C2CC-45FF-9736-23793DA77273}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{EA127691-ADB9-4F0B-B0FD-AB5EB632C67B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F4D2F0C-BD4C-4B4D-90B3-77B222762829}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{4E343A9F-EC5D-4F7A-8CF1-A750E276C07E}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{03902AB5-B25F-45BB-8C16-90E425BC2AC2}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC3563A8-7E9C-4CAF-8936-7B50032964E1}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{D93BFC92-376E-42BD-A029-95D881FE2B20}] => (Block) M:\Games\Among The Sleep\Among the Sleep.exe
FirewallRules: [TCP Query User{CAE86FAE-9634-437F-958D-172A40D9404E}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{FE4563EA-3D80-47A8-9586-E5C4EC0C6091}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0CB8D9BD-342F-4B68-BD34-EB0E126ABF8A}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [UDP Query User{6F261233-0EAF-4602-921B-0E348756F6B6}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{719F55C5-3B05-428D-96A8-5B992A9FA14D}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{5F409192-87EA-4082-9F85-245A307D55F7}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{D5ACBDDB-67C1-49A2-8DD2-A912B57697E6}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B93FC633-5D81-4906-B52D-992178B5A689}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5750AFC2-4E6C-44ED-8940-A0FB8632D288}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{A966AA43-3589-4B86-9F65-D76F57E936D3}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{E8CB60F1-2C74-461C-BC20-8C3CF692EAEB}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{5CE349E4-8246-4224-8DBB-20676A117AA4}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{0E5E3A5F-1470-43D5-8183-A413609E76F6}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B05D355A-5BDF-4A17-9416-D4F8509096BF}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{1DC7625F-FFD6-4C6A-81C4-10DF996F4983}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{FDCB3062-A859-4F1F-B8C2-D1C7B61DD02E}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{24B729FF-C01B-4FFA-B936-F6B312CA1E54}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{B9E06E7D-CBBE-4B5A-AF0C-64C519220453}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{AE566132-E296-40EC-B222-BA8946B8B0BA}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [UDP Query User{57B759ED-0472-4B12-905F-FD888F0BC24F}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [{D9FD30EB-C8EE-4679-8631-82DA268DCDD1}] => (Block) M:\Games\WATCH_DOGS\bin\watch_dogs.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [TCP Query User{E04BA44D-E370-4EAA-9F3E-E484073EC533}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{B3FA4B4F-5058-4652-9ECF-7A45B1ED2283}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{187BB2E4-41B5-4F8C-BA26-B6F5187611FB}] => (Block) M:\Games\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DF7EBA93-CD1B-41F7-9817-2711459CC6BE}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CC547B3F-96A2-4889-8F80-E2B1E7761801}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
FirewallRules: [{1572EA49-ADE2-4C38-B281-79ADA014E6BA}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{DD90AC4E-1894-4727-9669-3A2599B31227}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
FirewallRules: [{C58F9CFE-6A73-4F16-BF2C-42100D2E24A9}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
FirewallRules: [{CE0A13B8-58DC-4E41-A17F-60BEC59C6D5C}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
FirewallRules: [{6467AF19-0EE0-449E-8267-AE1CD9FE6C86}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5E71C38C-12C2-4525-8368-140E9B0651AD}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0553671B-D681-465E-8217-729E0B9F5C08}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7355E8BA-3A49-4D2A-A914-EDDCD09092C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FE8477E1-BFB5-453B-863E-18C87C49DCBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{92253110-3C21-46F0-8956-04F4818BB5D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9AEE164A-094B-4D25-8C64-9B7312BF8F71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{91376A69-DDA3-4AFD-B0D3-9FC1FB13118A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F3706D39-519D-4DC5-A6F0-03ED0353321D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{6A291437-DBEF-41BF-82FA-20FE0F40FFD5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{596DE404-29BE-48C7-8E0C-6F13A916F82E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DDB25983-DA26-4F5D-B66A-E761589812EF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8B657919-489F-4601-A7FA-A2C6882D5FBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2E8EAB9A-4AE2-4749-98B3-F4738A3DCF8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{5F93B048-8BE3-42D9-8C18-95860B649000}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3AC94CCE-9D93-4B37-AF99-D3B91E6C41E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{03888570-F02F-4B35-9B7A-7F824E874BC6}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{29F927E9-7C77-418E-AE49-6C49E7AB9938}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F6A58D82-03B3-42D4-8572-307AB1778ADF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{D6BE42DA-F290-428D-8B53-B4D9A123D3A6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0DA83BAE-4CA8-48BB-994E-C5734FCD17BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{22500A13-0509-46B6-A1EA-DD384F13EFFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{A4C092C3-FD50-4497-9B03-2B986FD0610A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{89B65D33-CB91-48E4-BB0F-7196148D003A}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{225FCD44-2F72-459E-A061-61C61B6BFB96}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{031901DB-691B-4225-AAEB-3B3012E0944B}] => (Block) M:\Games\Dead Rising 3\deadrising3.exe
FirewallRules: [{2FAA661B-FFE6-4E30-A795-45F4AFB1B5A3}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{A44800DD-9F6E-423E-A920-F28BF6394155}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{41A10A08-83DA-4902-AF3C-DFC140F9C2C1}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{548FF84B-1FD0-4B4B-B59F-6C4480ADA871}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [TCP Query User{0B0F6C9B-A509-4A31-BDD0-DA090D38544A}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{D0F9293A-D5F9-4176-942A-14B0EE6FEFE2}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{BA7F7F90-0A5D-4836-886C-7945BF025249}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [UDP Query User{593D609D-BB99-4C92-ACFA-2242B473087F}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [TCP Query User{353B3934-877C-444F-BB0F-05353D29F238}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{9E489310-FB55-422F-B256-C07A6B3464B9}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [{7C448746-1ABA-4171-92D1-B3C1AEE15EBB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{52BA6252-B166-4F45-A26E-C3B5AABBDBEE}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3DCF4608-5EAA-49A7-A339-352A5D3088B8}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CDFD4323-40AF-4BAB-88A1-98CD9DACA9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{741DCFA0-D75A-4400-9429-AB0E47BA78AB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C033527A-5BEA-412A-91A3-A7B812159165}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{6D6FD5E4-BEEB-4E3C-8ED6-EC25A7FA8D90}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{424FC9EB-D860-43BC-9F4C-CA7DF1D47A1F}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{A007A484-31C1-423A-9741-EF0F102E0A04}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [UDP Query User{F8D760CE-F07C-4D75-A223-7D3030BA4191}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [TCP Query User{B3D764C2-6B42-4AE0-BB14-E57855C49C81}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{2208B81E-9862-45CE-BF00-E06B06FE42FC}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{B118B254-1E4A-45DB-8896-42FE882592CE}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{3E3D3325-65CD-4204-9FB0-7A6BC89025CD}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{37A7B427-CA8B-436B-948B-201604E87AD3}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F0EB2202-4591-410F-BEF5-EACB99F653BB}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{77B53A83-3F0C-4BE1-9B34-3942C55AEFF3}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{567CA49D-EF01-4354-A9C0-A94A8C3DEB04}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{22489C17-4A10-47E6-9DDB-40A465130AB7}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6F3316D0-397D-4AF4-94B5-146DCED31F04}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6E18E2EC-EB19-434D-A845-71DF8B3A0254}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{635EC92B-D555-4026-B744-280CFA96E10B}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE9DB318-4890-4372-856E-41EC1D7EECD2}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{EA2E5CD4-23B2-4AF6-B156-3A573CAAED7D}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{C5E3C8F5-A371-4923-9449-8092826FED5A}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{49E3C0FF-AD6A-4AEC-93B4-2B7E1BC9C30C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{2D8BE52D-6E74-41E7-8588-8C529C454005}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1DB302D7-6BF1-4DA4-BB7A-C8CF7C4BCAA2}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{EF65FD05-429F-486A-BE80-CAA534F858BB}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{70DC3DBF-8E54-4852-AF6B-CA74585DDA34}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win32\AstronautsGame-Win32-Shipping.exe
FirewallRules: [{3CFBC750-DEBE-4991-B4F7-98EC7E5E110A}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win64\AstronautsGame-Win64-Shipping.exe
FirewallRules: [TCP Query User{DA619417-710D-4B45-AD6E-517A45D28327}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9462B7D4-F5FB-489A-8C57-2D9CB066A4D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B34AA0A5-85B1-418F-A075-CD9E6F6D16BD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [UDP Query User{605315F6-8373-4389-BF68-C5A8EEF0AEAD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [{AB1A890A-2AC5-4123-B154-4EF5B2AEB26B}] => (Block) M:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2E47CA85-99A9-4F88-B23A-8E12B8997BFF}] => (Block) M:\Games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{3089E656-5C03-4363-83C3-E7FA683A8F51}] => (Block) M:\Games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{BDBF07E9-5DB8-4F48-BB53-58A9F7A6DFEA}] => (Block) M:\Games\Call of Duty - Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [TCP Query User{248ED716-F16E-44DB-9AD4-B058324DE469}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{481E01E6-2DCF-4B07-B4F0-CFE2A9B94A35}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [{994A1CE8-2287-416F-B04B-1AE713189E34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F951DC3-AE7F-4752-9A28-D7FE188CFE72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2657D70-93EE-4889-ADED-399F97137134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFC3D7CC-6E4A-43DA-9CD5-F84CF71A4AEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14BB8CD7-7D9B-4692-96EF-3424D851621F}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8697AC22-942A-473D-91DC-2927AF54E181}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{49A9219E-D6A1-4331-959A-F8225D224646}] => (Block) M:\Games\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{24D0EDF5-3D35-4BC6-A11C-0EA80F5B15C5}] => (Block) M:\Games\Emergency 5\bin\em5_launcher.exe
FirewallRules: [{3A5CE854-47D2-478F-A416-2A0D75D807A8}] => (Block) M:\Games\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{364E73A1-3F3A-48D2-BFC3-9EAA3BA8FCB7}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{7D9BDA86-4F5F-4A0D-BC52-43FB70631D9C}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{434C59DE-4EF6-421C-A076-377BA4555A78}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BD9A86DE-A41C-4D3C-8938-625D38B4AA2B}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{5BC67C73-3F89-4144-88DE-851A05C5A7F5}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{E22BDA91-8BE1-4B58-ABE2-312B69F5F92E}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{91417446-187E-4267-B32C-C059EF295953}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6C4A73F7-42B8-4145-9570-5CD92BE6B74E}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F0C0F0D-5AB2-469B-8068-5E8BC056651D}] => (Block) M:\Games\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{AC9B1FCB-C8C2-4E45-B77E-E3B2D57AC311}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{7AC59EA4-65D8-43BE-ACBA-2E57801BD21D}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{BFBC1A6D-9314-4E9E-9673-FF0FB1F1384A}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{9C5C78ED-A765-454B-9FAB-3F93D91B9B86}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5D9C1722-FBDD-4C74-87C0-A94AB690A075}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{F44B4D68-2890-4DB1-BBE8-018CD747B1BE}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [TCP Query User{BFB0493B-F9B2-4DEC-BAE3-C685C9019F0F}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [UDP Query User{BFA826F7-C0C0-4238-997C-2FB753CE6FB2}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{35D61A5D-9977-4F07-9CC3-30B4FA52B1D0}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{A9E99EF8-F7EA-42C4-8425-4180640D9C7B}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{B579E7C8-7067-4018-94B5-53DFFC0F86AC}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{714671A4-D83E-4843-8200-5EF35EEB6071}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{8C9DED58-3E6C-4F1E-89E2-2B6CC8869C08}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{70C6E6DF-16D1-4397-A00A-FD7FC9D5837B}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{B1294E6B-9A5F-4016-8B09-AB4DB9317ED8}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [UDP Query User{62B71617-8077-4ACC-BAE7-84C9B01C11DB}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [{4B7EECCA-3EA2-406D-A351-ACECAA053534}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{344ABB5D-B36B-4A47-AAF5-7ADD539C9819}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A1230E38-BC6B-4423-884E-7C04AC6EAC4D}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{6137CAEF-525D-477E-B6F0-AE8653E9B9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{552F8607-4925-48F5-BE29-AA29716535CD}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F0AF273C-F0D8-49B6-B5D0-140BAB3C20C8}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{129DA68C-10D5-4A54-AF78-FE14626F89FA}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{C96FEB0A-D1EC-4E8A-9D67-A9B88FFBCCE4}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{90635068-74C0-4A5E-89D7-A1002938EC7F}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{DBFC02B6-D19F-4687-9775-9FC9C684EFFC}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{86E9F973-34FA-45FC-B29F-10D355AC9A51}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{5071F1DA-BC94-4605-8817-969D0BFD4F8C}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [{BBD735BF-2935-41CE-803D-F951C13DF71B}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{182E01A8-6389-4022-90B0-F77DAD0D3A2D}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{96093A0B-AE70-4943-BBA1-A1C943E10B1D}] => (Block) M:\Games\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{C697EC6B-941F-4972-80A4-20BF80ADE92D}] => (Allow) M:\Program Files\Synergy\synergys.exe
FirewallRules: [{ED48CF50-3137-4FA0-AAA6-5129EBDE836B}] => (Block) F:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{AEB39B74-EA27-4022-9E46-5AF81D6A6A40}] => (Block) F:\Games\Dragon Age Inquisition\Launcher.exe
FirewallRules: [{5E27A642-B227-4D97-BF24-FB6531F7428A}] => (Block) F:\Games\Trials Fusion - Fire in the Deep\datapack\trials_fusion.exe
FirewallRules: [{06AECA0B-4B68-4A6C-BD7D-793672D2CFDB}] => (Block) F:\Games\3DMGAME-OMSI.2.Cracked-3DM\OMSI 2\Omsi.exe
FirewallRules: [{1F3E9DB3-03E8-4A19-9C64-9B1CC5CFCA35}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{D39DA46A-34CE-4CDC-91E3-B23FCBB3CCF7}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{9D01AC1A-8587-4434-9378-0AE4F03A5597}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{5B6510ED-491C-4992-890F-2AFEF91BA430}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{79003072-7204-4FD4-A113-F26A93E6666F}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [UDP Query User{79209835-BB21-48E2-88D3-2B4BBC0F3C7D}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [TCP Query User{4808077D-D942-4D3B-B786-201B96987BC5}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [UDP Query User{72C89448-729D-4574-8CDD-2D154030E0D6}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [{A8D44089-9785-43A4-9DC7-D27C5A79DC31}] => (Block) F:\Gamez\BroForce.v2014.10.07.Build.2598.Steam.Workshop.Update-TPTB\TPTB-BROF\TPTB-BROF\Broforce October Update\BROFORCE_Beta.exe
FirewallRules: [{736CB91D-01D2-46D3-B0A2-D3BE74141EE2}] => (Block) F:\Games\Dying Light\DyingLightGame.exe
FirewallRules: [{CD88DD7D-65A1-49CD-A9A4-885A38FDEA8A}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{AC11F986-70E8-4B52-AA75-40BE1BBF4EB7}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{6F45770F-CC60-4B45-B987-6FFF5BCAC5C2}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C53BE3F0-1538-42CF-920E-70BC0FE9F2F0}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0E43AE6C-F566-441F-96DD-B2EC395A4B74}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{BEF016FB-4A83-428F-AE38-F4CC47A8E977}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3ACC59E7-64E4-48BD-95DB-CEC3493EAD56}] => (Allow) LPort=5031
FirewallRules: [{985DEDCD-8156-49C2-A98C-0F5D568955C3}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{3C8DF17D-7E92-4FE4-A012-90F339DBA74A}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{9E35948F-1B11-4193-99FF-008033B75385}] => (Block) F:\Games\Battle vs. Chess\battlevschess.exe
FirewallRules: [{B35AEF73-DAB2-40F1-A36A-74686E90E011}] => (Block) F:\Games\Battle vs. Chess\Activation.exe
FirewallRules: [TCP Query User{2FDE19C3-BD20-4A2C-ADD7-176EB09056F0}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [UDP Query User{558AA483-C8E2-4E0A-A7C7-B4188F6801BE}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [TCP Query User{B37A88D8-AE18-4F67-A0D5-C8370A3CDEB1}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{696A7DD7-A729-4D59-A679-13A94CEEF629}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{05D25445-45D5-47B0-BDFC-D38C1618EDCE}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [UDP Query User{D6A37DB2-C5DD-41AA-A8F4-3624A8892794}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [{5D731F2D-E351-4A43-A2E5-E19D15A83FD8}] => (Block) F:\Gamez\The.Talos.Principle.Build.220996.Incl.DLC-TPTB\TPTB-TLOS\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D60796AB-0E37-4B2C-BCD2-3A0135FCC88B}] => (Block) F:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe
FirewallRules: [{D1065750-03A4-4CE8-B5CD-6AD7E9CE0A2E}] => (Block) F:\Games\Oddworld - New 'n' Tasty\NNT.exe
FirewallRules: [TCP Query User{A7A7E28E-8338-4353-AC74-0E7D2A7EA058}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{6C3779EB-AFD3-414E-ACB7-B3BEEBEC2CEB}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [{B4577D29-771C-48CD-A1E7-65339FE68945}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{4DB29EAC-77E7-41EC-99EB-570E5597E310}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{A965A841-AE03-42FC-9F36-9BE27DA91E59}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{573A76E3-7DF7-4FAD-AEF0-67FDE6452099}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{34C111C1-EBAA-4987-AFD8-83EE4B0D0FD4}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{DB2F5B50-E8F4-451C-B246-84561FAD53DA}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{C70BBCDA-5126-4E1B-82C1-0A34064B2DEF}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{65D6FCA4-7447-4B0C-A805-F48B13CE81D4}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{39BD05E6-034C-414E-8492-9A78F82FADD4}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{7E24D3D2-C045-43AA-8468-940A1423E5A1}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{A91A2A3D-69FE-478D-95DF-8E13C0A6F3BD}] => (Block) F:\Games\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{B08B78C4-702C-402E-9342-9F7FF8D98A97}] => (Block) F:\Games\Trials Fusion - After the Incident\datapack\trials_fusion.exe
FirewallRules: [{C76E1CA4-3F96-400F-A90A-87B12EF0417A}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\game.exe
FirewallRules: [{2083F763-2AB4-4B67-9754-0D84DEF43F2C}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\startup_setting.exe
FirewallRules: [{779CB0C0-93C8-40A1-9EA7-0227EF5E3309}] => (Block) F:\Games\Bloodsports TV\bloodsports.exe
FirewallRules: [TCP Query User{9FE9ED83-9B64-4FD4-AEBF-67739A0E27C7}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B14740C1-962F-4B73-BF1B-6F892C6013B2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{D44D9DE4-4333-493F-8612-D50976EFD424}] => (Block) F:\Games\Ori and the Blind Forest\ori.exe
FirewallRules: [{CE062D04-75A1-4186-9F23-EC9A12CE7715}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{971FF926-DFC9-4AC2-B8D5-7AF50EA5AE63}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{AECBF9FB-0FBB-4E78-8616-D5E91EAD280E}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{88E1287D-00D7-406A-96AB-5F593B01A404}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CF7C1938-2A8A-46EB-AC5A-FEEDC692EC91}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{16E625D0-D511-4E5D-BF1C-71F5DC0888FA}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{641D6791-3FBC-4D66-BA37-0828F7A3DF4C}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5E3155A6-D119-408B-B5CE-544F0B9E908A}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe
FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe
FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe
FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [UDP Query User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{5D902F96-EAB9-4A65-9769-A0F8ADB3960B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95A846A8-4CEE-4CEC-9A8A-F558B4D8C164}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F06409E-24AE-476B-89CE-F0BC56BC21FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9B20C778-3D43-4464-9969-E45907517074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe
FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe
FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe
FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe
FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] => (Block) F:\Games\Act of Aggression\unins000.exe
FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe


CptMw 26.09.2015 02:30

Code:

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WeOnlyDo Network Adapter 2.5
Description: WeOnlyDo Network Adapter 2.5
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WeOnlyDo Network Provider
Service: wod0205
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 10:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1daf8

Startzeit: 01d0f7d4adafc815

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: fbae144a-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:55:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d750

Startzeit: 01d0f7d480124ada

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: c47a2c9f-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:55:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b4

Startzeit: 01d0f7a4a6dd407e

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: aebf9672-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:39:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Soma.exe, Version: 0.0.0.0, Zeitstempel: 0x55fff75a
Name des fehlerhaften Moduls: fbxsdk-2012.2.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00000000000ec4e0
ID des fehlerhaften Prozesses: 0x1b080
Startzeit der fehlerhaften Anwendung: 0xSoma.exe0
Pfad der fehlerhaften Anwendung: Soma.exe1
Pfad des fehlerhaften Moduls: Soma.exe2
Berichtskennung: Soma.exe3
Vollständiger Name des fehlerhaften Pakets: Soma.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Soma.exe5

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (09/25/2015 10:05:43 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sound Blaster Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Creative Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/25/2015 04:55:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (09/25/2015 04:54:30 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


CodeIntegrity:
===================================
  Date: 2015-07-11 02:34:41.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-15 21:34:14.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-25 01:39:52.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-10 15:21:43.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-29 21:40:08.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 21:39:57.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:17.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:08.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:44.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:40.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 42%
Total physical RAM: 32716.61 MB
Available physical RAM: 18804.97 MB
Total Virtual: 36812.61 MB
Available Virtual: 22366.24 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.77 GB) exFAT
Drive c: () (Fixed) (Total:111.45 GB) (Free:32.57 GB) NTFS
Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:19.61 GB) NTFS
Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS
Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:54.21 GB) NTFS
Drive x: () (Fixed) (Total:1863.01 GB) (Free:40.71 GB) NTFS
Drive z: () (Fixed) (Total:270 GB) (Free:5.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

GMER

Code:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-26 00:16:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB
Running: okr3kyhy.exe; Driver: B:\TEMP\kglcypob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                                                                          fffff96000248300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                                                                                                                      fffff96000248310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc                                                                                                                                                                                                        00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx                                                                                                                                                                                                      00007ffe094d1220 7 bytes JMP 00007ffec94c2578
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtect                                                                                                                                                                                                      00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile                                                                                                                                                                                                        00007ffe094d1780 7 bytes JMP 00007ffec94c24b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW                                                                                                                                                                                                        00007ffe094d17e0 5 bytes JMP 00007ffec94c03b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW                                                                                                                                                                                                      00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA                                                                                                                                                                                                      00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW                                                                                                                                                                                                  00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!HeapCreate                                                                                                                                                                                                          00007ffe094d31a0 7 bytes JMP 00007ffec94c1078
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA                                                                                                                                                                                                        00007ffe094d4960 5 bytes JMP 00007ffec94c02f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA                                                                                                                                                                                                  00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessA                                                                                                                                                                                                      00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessW                                                                                                                                                                                                      00007ffe094d7b30 7 bytes JMP 00007ffec94c1378
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx                                                                                                                                                                                                      00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory                                                                                                                                                                                                  00007ffe09592250 7 bytes JMP 00007ffec94c1af8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary                                                                                                                                                                                                  00007ffe095acc70 5 bytes JMP 00007ffec94c0778
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WinExec                                                                                                                                                                                                              00007ffe095af840 5 bytes JMP 00007ffec94c1d38
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA                                                                                                                                                                                              00007ffe095afff0 7 bytes JMP 00007ffec94c1438
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                                                                                                                                                                              00007ffe095b0070 7 bytes JMP 00007ffec94c14f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread                                                                                                                                                                                                  00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx                                                                                                                                                                                                    00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc                                                                                                                                                                                                      00007ffe08fc1780 1 byte JMP 00007ffec94c0a78
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2                                                                                                                                                                                                  00007ffe08fc1782 4 bytes {JMP 0xffffffffc04ff2f8}
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx                                                                                                                                                                                                    00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtect                                                                                                                                                                                                    00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx                                                                                                                                                                                                  00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                      00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                        00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW                                                                                                                                                                                            00007ffe08fc7f70 7 bytes JMP 00007ffec94c2338
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW                                                                                                                                                                                                00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                                                    00007ffe08fc8900 5 bytes JMP 00007ffec94c06b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                                                                    00007ffe08fc9330 5 bytes JMP 00007ffec94c05f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                                                                                                                              00007ffe08fdfea0 5 bytes JMP 00007ffec94c18b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!HeapCreate                                                                                                                                                                                                        00007ffe08fe04e0 6 bytes JMP 00007ffec94c1138
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileA                                                                                                                                                                                                        00007ffe08fe05b0 5 bytes JMP 00007ffec94c1df8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                                                00007ffe08ff6d50 5 bytes JMP 00007ffec94c1bb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp                                                                                                                                                                                              00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx                                                                                                                                                                                                    00007ffe09020960 8 bytes JMP 00007ffec94c0b38
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 125                                                                                                                                                                                          00000000633cb41d 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 250                                                                                                                                                                                          00000000633cb49a 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 5
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 125                                                                                                                                                                                    00000000633cb83d 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 266                                                                                                                                                                                    00000000633cb8ca 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 5
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 359                                                                                                                                                                                                00000000633cbd57 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 679                                                                                                                                                                                                00000000633cbe97 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 38  000000006344ab66 4 bytes [A4, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 48  000000006344ab70 4 bytes [A4, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 3
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 40                                                                                                              000000006344b0a8 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 91                                                                                                              000000006344b0db 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 9                                                                                                                                                                                                          000000005ea71f95 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 130                                                                                                                                                                                                        000000005ea7200e 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10                                                                                                                                                                                              000000005e8d1ce2 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160                                                                                                                                                                                              000000005e8d1d78 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 11                                                                                                                                                                                                    000000005e7583ff 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 412                                                                                                                                                                                                  000000005e758590 4 bytes [20, B0, 3A, 00]
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc                                                                                                                                                                                                                              00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx                                                                                                                                                                                                                          00007ffe094d1220 7 bytes JMP 00007ffec94c2578
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtect                                                                                                                                                                                                                            00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile                                                                                                                                                                                                                            00007ffe094d1780 7 bytes JMP 00007ffec94c24b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW                                                                                                                                                                                                                              00007ffe094d17e0 8 bytes JMP 00007ffec94c03b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW + 9                                                                                                                                                                                                                          00007ffe094d17e9 3 bytes [CC, CC, CC]
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW                                                                                                                                                                                                                            00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA                                                                                                                                                                                                                            00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW                                                                                                                                                                                                                        00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!HeapCreate                                                                                                                                                                                                                                00007ffe094d31a0 7 bytes JMP 00007ffec94c1078
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA                                                                                                                                                                                                                              00007ffe094d4960 10 bytes JMP 00007ffec94c02f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA                                                                                                                                                                                                                        00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessA                                                                                                                                                                                                                            00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessW                                                                                                                                                                                                                            00007ffe094d7b30 7 bytes JMP 00007ffec94c1378
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx                                                                                                                                                                                                                            00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory                                                                                                                                                                                                                        00007ffe09592250 7 bytes JMP 00007ffec94c1af8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary                                                                                                                                                                                                                      00007ffe095acc70 10 bytes JMP 00007ffec94c0778
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WinExec                                                                                                                                                                                                                                  00007ffe095af840 10 bytes JMP 00007ffec94c1d38
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA                                                                                                                                                                                                                    00007ffe095afff0 7 bytes JMP 00007ffec94c1438
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                                                                                                                                                                                                    00007ffe095b0070 7 bytes JMP 00007ffec94c14f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread                                                                                                                                                                                                                        00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx                                                                                                                                                                                                                          00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc                                                                                                                                                                                                                            00007ffe08fc1780 1 byte JMP 00007ffec94c0a78
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2                                                                                                                                                                                                                        00007ffe08fc1782 6 bytes {JMP 0xffffffffc04ff2f8}
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx                                                                                                                                                                                                                        00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtect                                                                                                                                                                                                                          00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx                                                                                                                                                                                                                        00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                                          00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                                            00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW                                                                                                                                                                                                                  00007ffe08fc7f70 7 bytes JMP 00007ffec94c2338
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW                                                                                                                                                                                                                      00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                                                                          00007ffe08fc8900 10 bytes JMP 00007ffec94c06b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                                                                                          00007ffe08fc9330 10 bytes JMP 00007ffec94c05f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                                                                                                                                                    00007ffe08fdfea0 8 bytes JMP 00007ffec94c18b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!HeapCreate                                                                                                                                                                                                                              00007ffe08fe04e0 13 bytes JMP 00007ffec94c1138
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileA                                                                                                                                                                                                                            00007ffe08fe05b0 10 bytes JMP 00007ffec94c1df8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                                                                      00007ffe08ff6d50 10 bytes JMP 00007ffec94c1bb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp                                                                                                                                                                                                                    00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx                                                                                                                                                                                                                          00007ffe09020960 8 bytes JMP 00007ffec94c0b38
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                                                                          00007ffe08fc14c0 5 bytes JMP 00007fff08fb0914
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                                                                              00007ffe08fc1630 3 bytes JMP 00007fff08fb0d53
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime + 4                                                                                                                                                                                          00007ffe08fc1634 1 byte [FF]
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteFile                                                                                                                                                                                                            00007ffe08fc1c50 5 bytes JMP 00007fff08fb0995
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!UnmapViewOfFile                                                                                                                                                                                                      00007ffe08fc1d70 5 bytes JMP 00007fff08fb0f50
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetConsoleMode                                                                                                                                                                                                      00007ffe08fc1fa0 5 bytes JMP 00007fff08fb0894
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTime                                                                                                                                                                                                        00007ffe08fc30c0 5 bytes JMP 00007fff08fb0dd4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                        00007ffe08fc5e10 5 bytes JMP 00007fff08fb0f97
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLocalTime                                                                                                                                                                                                        00007ffe08fc6550 5 bytes JMP 00007fff08fb0d93
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                          00007ffe08fc7990 5 bytes JMP 00007fff08fb09da
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadFile                                                                                                                                                                                                            00007ffe08fc7eb0 5 bytes JMP 00007fff08fb0953
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!OpenFileMappingW                                                                                                                                                                                                    00007ffe08fc87c0 5 bytes JMP 00007fff08fb0fd3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableW                                                                                                                                                                                              00007ffe08fc8d30 5 bytes JMP 00007fff08fb0e53
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentStringsW                                                                                                                                                                                              00007ffe08fca530 5 bytes JMP 00007fff08fb0e13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableW                                                                                                                                                                                              00007ffe08fcb4b0 5 bytes JMP 00007fff08fb0ed4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                                                                                                                                      00007ffe08fcc140 5 bytes JMP 00007fff08fb0c13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryW                                                                                                                                                                                                00007ffe08fcc950 5 bytes JMP 00007fff08fb0b14
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessW                                                                                                                                                                                                      00007ffe08fcfca0 5 bytes JMP 00007fff08fb0b95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableA                                                                                                                                                                                              00007ffe08fcfd70 5 bytes JMP 00007fff08fb0e95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleMode                                                                                                                                                                                                      00007ffe08fd26b0 5 bytes JMP 00007fff08fb0856
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleW                                                                                                                                                                                                        00007ffe08fd4d80 5 bytes JMP 00007fff08fb0397
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTitleW                                                                                                                                                                                                    00007ffe08fd4ed0 5 bytes JMP 00007fff08fb07d3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!TerminateProcess                                                                                                                                                                                                    00007ffe08fe58c0 5 bytes JMP 00007fff08fb0cd3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTextAttribute                                                                                                                                                                                              00007ffe0901fdb0 5 bytes JMP 00007fff08fb0695
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableA                                                                                                                                                                                              00007ffe09022690 5 bytes JMP 00007fff08fb0f13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessA                                                                                                                                                                                                      00007ffe090237b0 5 bytes JMP 00007fff08fb0bd5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputW                                                                                                                                                                                                    00007ffe09024520 5 bytes JMP 00007fff08fb0557
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorPosition                                                                                                                                                                                            00007ffe090245f0 5 bytes JMP 00007fff08fa0fd5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FlushConsoleInputBuffer                                                                                                                                                                                              00007ffe09024630 5 bytes JMP 00007fff08fb0215
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetNumberOfConsoleInputEvents                                                                                                                                                                                        00007ffe09024670 5 bytes JMP 00007fff08fb0254
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetThreadContext                                                                                                                                                                                                    00007ffe09038e30 4 bytes JMP 00007fff08fb0c58
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                                                                        00007ffe0903abf0 5 bytes JMP 00007fff08fb0c95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputW                                                                                                                                                                                                  00007ffe0903b540 5 bytes JMP 00007fff08fb0657
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!AllocConsole                                                                                                                                                                                                        00007ffe0908f0c0 5 bytes JMP 00007fff08fb0754
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FreeConsole                                                                                                                                                                                                          00007ffe0908f450 5 bytes JMP 00007fff08fb0719
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateConsoleScreenBuffer                                                                                                                                                                                            00007ffe0908f4c0 5 bytes JMP 00007fff08fb01d3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputA                                                                                                                                                                                                    00007ffe0908f7b0 5 bytes JMP 00007fff08fb0517
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA                                                                                                                                                                                                    00007ffe0908f7e0 5 bytes JMP 00007fff08fb0494
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW                                                                                                                                                                                                    00007ffe0908f860 5 bytes JMP 00007fff08fb04d4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputA                                                                                                                                                                                                  00007ffe0908fa00 5 bytes JMP 00007fff08fb0457
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputW                                                                                                                                                                                                  00007ffe0908fab0 5 bytes JMP 00007fff08fb0417
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputA                                                                                                                                                                                                  00007ffe0908fad0 5 bytes JMP 00007fff08fb0617
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterA                                                                                                                                                                                        00007ffe0908fb40 5 bytes JMP 00007fff08fb02d7
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterW                                                                                                                                                                                        00007ffe0908fb70 5 bytes JMP 00007fff08fb0297
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLargestConsoleWindowSize                                                                                                                                                                                          00007ffe0908fd20 5 bytes JMP 00007fff08fb0057
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferA                                                                                                                                                                                          00007ffe0908fd70 5 bytes JMP 00007fff08fb0357
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferW                                                                                                                                                                                          00007ffe0908fe20 5 bytes JMP 00007fff08fb0317
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleActiveScreenBuffer                                                                                                                                                                                        00007ffe0908fe50 5 bytes JMP 00007fff08fb0195
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCP                                                                                                                                                                                                        00007ffe0908fe90 5 bytes JMP 00007fff08fa0ed5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorInfo                                                                                                                                                                                                00007ffe0908fee0 5 bytes JMP 00007fff08fa0f95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleOutputCP                                                                                                                                                                                                  00007ffe0908ff30 5 bytes JMP 00007fff08fa0e95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferInfoEx                                                                                                                                                                                        00007ffe0908ff80 5 bytes JMP 00007fff08fb0095
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferSize                                                                                                                                                                                          00007ffe09090080 5 bytes JMP 00007fff08fb0115
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleWindowInfo                                                                                                                                                                                                00007ffe090900d0 5 bytes JMP 00007fff08fb0155
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                                                                        00007ffe09090310 5 bytes JMP 00007fff08fb0594
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                                                                        00007ffe09090540 5 bytes JMP 00007fff08fb05d4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleA                                                                                                                                                                                                        00007ffe09090590 5 bytes JMP 00007fff08fb03d7
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryA                                                                                                                                                                                                00007ffe090a14c0 5 bytes JMP 00007fff08fb0b53
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_InsertPtr                                                                                                                                                00007ffe067f2fd0 5 bytes JMP 00007fff056d0f88
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_DeletePtr                                                                                                                                                00007ffe067f3050 5 bytes JMP 00007fff056d0f48
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_Create                                                                                                                                                  00007ffe067f3230 5 bytes JMP 00007fff056d0fc8
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                                                                                                                                                                          00007ffe0982d050 5 bytes JMP 00007fff06d40070
.text    C:\Windows\explorer.exe[123996] C:\Windows\system32\USER32.dll!GetAncestor                                                                                                                                                                                                                                                00007ffe0b5412f0 5 bytes JMP 00007fff06d40028
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\dwmapi.dll!DwmIsCompositionEnabled                                                                                                                                                                                                                                    00007ffe06f01410 5 bytes JMP 00007fff06d40010
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\UIAutomationCore.dll!UiaReturnRawElementProvider                                                                                                                                                                                                                      00007ffdf32e5740 5 bytes JMP 00007ffe06d40040

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [632:3996]                                                                                                                                                                                                                                                                                  fffff960009312d0
---- Processes - GMER 2.1 ----

Library  C:\Users\mongole\AppData\Local\KeePass\PluginCache\3CCPp6DCHvRxKsWOsm1T\DataBaseBackup.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (DataBaseBackup/Francis Noël)(2015-06-06 11:58:40)                                                                                    000000001c2c0000
Library  C:\Users\mongole\AppData\Local\KeePass\PluginCache\PwaUSoqXaMU2Mq5Ih23n\OtpKeyProv.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (OtpKeyProv/Dominik Reichl)(2015-06-06 11:58:40)                                                                                          000000001b670000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                                                                                                                                                        \??\C:\Users\mongole\AppData\Roaming\chrome.exe??
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                                                                        -871816015
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57                                                                                                                                                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02e593b                                                                                                                                                                                                                                  0xEE 0x81 0xAB 0x55 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d487d89d7a2f                                                                                                                                                                                                                                  0x7B 0xF0 0xFD 0x4F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d890e8586158                                                                                                                                                                                                                                  0x24 0x5E 0x35 0x12 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02f42f1                                                                                                                                                                                                                                  0x89 0xEE 0x2C 0x1C ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@a49a5853ec4a                                                                                                                                                                                                                                  0x39 0x64 0x4B 0x2A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@b43a28c20bc0                                                                                                                                                                                                                                  0x74 0x2F 0x19 0x55 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start                                                                                                                                                                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag                                                                                                                                                                                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath                                                                                                                                                                                                                                                            system32\drivers\MBAMSwissArmy.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group                                                                                                                                                                                                                                                                System Reserved
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy                                                                                                                                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NdisCap\Parameters@RefCount                                                                                                                                                                                                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                                                                                          42345
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideIcons                                                                                                                                                                                                                                                0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@MRUList                                                                                                                                                                                                                                                    fedcba
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                                                                                                                                                                                                            2806
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\iexplore@Count                                                                                                                                                                                                            2783
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\xxx@xxx.comMessageCount                                                                                                                                                                                                                              4

---- EOF - GMER 2.1 ----

Update:

Sample of the virus submitted to: Sophos, Symantec, ClamAV, Microsoft, Avira, McAfee, Kaspersky, Lavasoft, TrendMicro, Comodo, Baidu, Agnitum, Webroot, Vir.IT, Zoner, SUPERAntiSpyware.

Hoping to get decent detection rates and specific removal instructions soon :)

schrauber 28.09.2015 15:15

Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

CptMw 28.09.2015 15:25

Hi,

here is the log

Code:

16:21:03.0467 0x1ed8  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
16:21:08.0358 0x1ed8  ============================================================
16:21:08.0358 0x1ed8  Current date / time: 2015/09/28 16:21:08.0358
16:21:08.0358 0x1ed8  SystemInfo:
16:21:08.0358 0x1ed8 
16:21:08.0358 0x1ed8  OS Version: 6.3.9600 ServicePack: 0.0
16:21:08.0358 0x1ed8  Product type: Workstation
16:21:08.0358 0x1ed8  ComputerName: MONGOMACHINE-8
16:21:08.0359 0x1ed8  UserName: mongole
16:21:08.0359 0x1ed8  Windows directory: C:\Windows
16:21:08.0359 0x1ed8  System windows directory: C:\Windows
16:21:08.0359 0x1ed8  Running under WOW64
16:21:08.0359 0x1ed8  Processor architecture: Intel x64
16:21:08.0359 0x1ed8  Number of processors: 8
16:21:08.0359 0x1ed8  Page size: 0x1000
16:21:08.0359 0x1ed8  Boot type: Normal boot
16:21:08.0359 0x1ed8  ============================================================
16:21:16.0006 0x1ed8  KLMD registered as C:\Windows\system32\drivers\51290952.sys
16:21:16.0028 0x1ed8  System UUID: {E559B8D1-DD33-9557-D245-677D1438D609}
16:21:16.0185 0x1ed8  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0207 0x1ed8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0229 0x1ed8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0249 0x1ed8  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0251 0x1ed8  Drive \Device\Harddisk4\DR4 - Size: 0xEE8156000 ( 59.63 Gb ), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0261 0x1ed8  ============================================================
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0:
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xDEE4800
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1:
16:21:16.0261 0x1ed8  GPT partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {63B9CFEB-4795-499B-AAF5-450B1D464EC4}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F3380D9A-D973-4488-A314-3BDB21372412}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk2\DR2:
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0xE8E07800
16:21:16.0261 0x1ed8  \Device\Harddisk3\DR3:
16:21:16.0262 0x1ed8  MBR partitions:
16:21:16.0262 0x1ed8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
16:21:16.0262 0x1ed8  \Device\Harddisk4\DR4:
16:21:16.0262 0x1ed8  MBR partitions:
16:21:16.0262 0x1ed8  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800
16:21:16.0262 0x1ed8  ============================================================
16:21:16.0263 0x1ed8  C: <-> \Device\Harddisk0\DR0\Partition2
16:21:16.0271 0x1ed8  G: <-> \Device\Harddisk4\DR4\Partition1
16:21:16.0294 0x1ed8  M: <-> \Device\Harddisk1\DR1\Partition2
16:21:16.0319 0x1ed8  F: <-> \Device\Harddisk3\DR3\Partition1
16:21:16.0319 0x1ed8  ============================================================
16:21:16.0319 0x1ed8  Initialize success
16:21:16.0319 0x1ed8  ============================================================
16:21:43.0146 0x1e90  ============================================================
16:21:43.0146 0x1e90  Scan started
16:21:43.0146 0x1e90  Mode: Manual; SigCheck; TDLFS;
16:21:43.0146 0x1e90  ============================================================
16:21:43.0146 0x1e90  KSN ping started
16:21:45.0504 0x1e90  KSN ping finished: true
16:21:47.0253 0x1e90  ================ Scan system memory ========================
16:21:47.0253 0x1e90  System memory - ok
16:21:47.0254 0x1e90  ================ Scan services =============================
16:21:47.0278 0x1e90  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:21:47.0302 0x1e90  1394ohci - ok
16:21:47.0310 0x1e90  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
16:21:47.0320 0x1e90  3ware - ok
16:21:47.0338 0x1e90  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:21:47.0350 0x1e90  ACPI - ok
16:21:47.0355 0x1e90  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:21:47.0361 0x1e90  acpiex - ok
16:21:47.0363 0x1e90  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:21:47.0368 0x1e90  acpipagr - ok
16:21:47.0370 0x1e90  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
16:21:47.0375 0x1e90  AcpiPmi - ok
16:21:47.0379 0x1e90  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:21:47.0384 0x1e90  acpitime - ok
16:21:47.0421 0x1e90  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
16:21:47.0462 0x1e90  ADP80XX - ok
16:21:47.0471 0x1e90  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:21:47.0481 0x1e90  AeLookupSvc - ok
16:21:47.0495 0x1e90  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
16:21:47.0507 0x1e90  AFD - ok
16:21:47.0512 0x1e90  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:21:47.0517 0x1e90  agp440 - ok
16:21:47.0520 0x1e90  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
16:21:47.0526 0x1e90  ahcache - ok
16:21:47.0530 0x1e90  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG            C:\Windows\System32\alg.exe
16:21:47.0536 0x1e90  ALG - ok
16:21:47.0541 0x1e90  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
16:21:47.0547 0x1e90  AmdK8 - ok
16:21:47.0554 0x1e90  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:21:47.0560 0x1e90  AmdPPM - ok
16:21:47.0567 0x1e90  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:21:47.0574 0x1e90  amdsata - ok
16:21:47.0580 0x1e90  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:21:47.0589 0x1e90  amdsbs - ok
16:21:47.0591 0x1e90  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:21:47.0596 0x1e90  amdxata - ok
16:21:47.0600 0x1e90  [ 4887E13C3154816A9503E34FC05F2804, CA05D85C3B63EEB2836D50FF99CDA70DC56D7F67B4296EC50A7D250BBA2F57C4 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
16:21:47.0608 0x1e90  AnyDVD - ok
16:21:47.0612 0x1e90  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID          C:\Windows\system32\drivers\appid.sys
16:21:47.0618 0x1e90  AppID - ok
16:21:47.0621 0x1e90  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:21:47.0627 0x1e90  AppIDSvc - ok
16:21:47.0630 0x1e90  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo        C:\Windows\System32\appinfo.dll
16:21:47.0637 0x1e90  Appinfo - ok
16:21:47.0643 0x1e90  [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10ED387A2B99EC216 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:21:47.0652 0x1e90  AppMgmt - ok
16:21:47.0674 0x1e90  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
16:21:47.0686 0x1e90  AppReadiness - ok
16:21:47.0721 0x1e90  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
16:21:47.0742 0x1e90  AppXSvc - ok
16:21:47.0748 0x1e90  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:21:47.0757 0x1e90  arcsas - ok
16:21:47.0759 0x1e90  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:21:47.0770 0x1e90  AsyncMac - ok
16:21:47.0773 0x1e90  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:21:47.0777 0x1e90  atapi - ok
16:21:47.0782 0x1e90  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:21:47.0790 0x1e90  AudioEndpointBuilder - ok
16:21:47.0803 0x1e90  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:21:47.0821 0x1e90  Audiosrv - ok
16:21:47.0827 0x1e90  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:21:47.0833 0x1e90  AxInstSV - ok
16:21:47.0856 0x1e90  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
16:21:47.0887 0x1e90  b06bdrv - ok
16:21:47.0890 0x1e90  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:21:47.0895 0x1e90  BasicDisplay - ok
16:21:47.0898 0x1e90  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender    C:\Windows\System32\drivers\BasicRender.sys
16:21:47.0903 0x1e90  BasicRender - ok
16:21:47.0908 0x1e90  [ 2C969095C2827EF4536C7D6FA434F993, 3C1AD826355AB1509DFF74B9168929A98CC207D96F97E356650DF9F9C5ADD9BE ] BazisVirtualCDBus C:\Windows\System32\drivers\BazisVirtualCDBus.sys
16:21:47.0914 0x1e90  BazisVirtualCDBus - ok
16:21:47.0916 0x1e90  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
16:21:47.0919 0x1e90  bcmfn2 - ok
16:21:47.0927 0x1e90  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
16:21:47.0936 0x1e90  BDESVC - ok
16:21:47.0938 0x1e90  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
16:21:47.0943 0x1e90  Beep - ok
16:21:47.0956 0x1e90  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE            C:\Windows\System32\bfe.dll
16:21:47.0970 0x1e90  BFE - ok
16:21:47.0974 0x1e90  [ 5A98C8DC3947110B792AD91F38EAA4A3, 43C0E7CB0A892A87B2AAF681C29DC2249CD5B4589914DF68122458C4639A04EE ] BfLwf          C:\Windows\system32\DRIVERS\bwcW8x64.sys
16:21:47.0980 0x1e90  BfLwf - ok
16:21:48.0001 0x1e90  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
16:21:48.0019 0x1e90  BITS - ok
16:21:48.0028 0x1e90  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:21:48.0038 0x1e90  Bonjour Service - ok
16:21:48.0045 0x1e90  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:21:48.0051 0x1e90  bowser - ok
16:21:48.0060 0x1e90  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:21:48.0067 0x1e90  BrokerInfrastructure - ok
16:21:48.0072 0x1e90  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser        C:\Windows\System32\browser.dll
16:21:48.0078 0x1e90  Browser - ok
16:21:48.0081 0x1e90  [ 0B2EE8B36081C1039EA3D20B952A8DDC, 4849F424B15CBF2342811D944A599D762D206E33D284429483D9769FD07C3BE7 ] bthav          C:\Windows\system32\drivers\bthav.sys
16:21:48.0086 0x1e90  bthav - ok
16:21:48.0089 0x1e90  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:21:48.0094 0x1e90  BthAvrcpTg - ok
16:21:48.0097 0x1e90  [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum        C:\Windows\System32\drivers\BthEnum.sys
16:21:48.0102 0x1e90  BthEnum - ok
16:21:48.0105 0x1e90  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum      C:\Windows\System32\drivers\bthhfenum.sys
16:21:48.0110 0x1e90  BthHFEnum - ok
16:21:48.0113 0x1e90  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:21:48.0117 0x1e90  bthhfhid - ok
16:21:48.0128 0x1e90  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
16:21:48.0136 0x1e90  BthHFSrv - ok
16:21:48.0139 0x1e90  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:21:48.0144 0x1e90  BTHMODEM - ok
16:21:48.0148 0x1e90  [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
16:21:48.0154 0x1e90  BthPan - ok
16:21:48.0178 0x1e90  [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
16:21:48.0197 0x1e90  BTHPORT - ok
16:21:48.0202 0x1e90  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv        C:\Windows\system32\bthserv.dll
16:21:48.0208 0x1e90  bthserv - ok
16:21:48.0211 0x1e90  [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:21:48.0216 0x1e90  BTHUSB - ok
16:21:48.0221 0x1e90  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:21:48.0227 0x1e90  cdfs - ok
16:21:48.0234 0x1e90  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom          C:\Windows\System32\drivers\cdrom.sys
16:21:48.0240 0x1e90  cdrom - ok
16:21:48.0247 0x1e90  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:21:48.0253 0x1e90  CertPropSvc - ok
16:21:48.0256 0x1e90  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
16:21:48.0261 0x1e90  circlass - ok
16:21:48.0268 0x1e90  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:21:48.0277 0x1e90  CLFS - ok
16:21:48.0283 0x1e90  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:21:48.0288 0x1e90  CmBatt - ok
16:21:48.0297 0x1e90  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG            C:\Windows\system32\Drivers\cng.sys
16:21:48.0310 0x1e90  CNG - ok
16:21:48.0314 0x1e90  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:21:48.0319 0x1e90  CompositeBus - ok
16:21:48.0321 0x1e90  COMSysApp - ok
16:21:48.0325 0x1e90  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
16:21:48.0331 0x1e90  condrv - ok
16:21:48.0337 0x1e90  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:21:48.0343 0x1e90  CryptSvc - ok
16:21:48.0361 0x1e90  [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1213BBE376227A2 ] CSC            C:\Windows\system32\drivers\csc.sys
16:21:48.0373 0x1e90  CSC - ok
16:21:48.0392 0x1e90  [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService      C:\Windows\System32\cscsvc.dll
16:21:48.0406 0x1e90  CscService - ok
16:21:48.0415 0x1e90  [ 51D43B57EA8EFFE5CB1E27E01C100A2F, 68995F291422F2C5A2C9C4C673272754E3AC49ED53D6197675EB9E19028163C5 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
16:21:48.0423 0x1e90  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
16:21:50.0975 0x1e90  Detect skipped due to KSN trusted
16:21:50.0975 0x1e90  CTAudSvcService - ok
16:21:51.0005 0x1e90  [ A2D4288A7412D0D6AEA3490FB7D26BC8, 6FF5AAABA159E93E01FE6F5861D07C040DD4808597B85107E426F013DFAFE5AC ] cthda          C:\Windows\system32\drivers\cthda.sys
16:21:51.0035 0x1e90  cthda - ok
16:21:51.0047 0x1e90  [ 39DFCFD2C32A7A4F5E3F9C77389F3BE1, 81C06CA42A8E1D495017019E41DE1A5B1DEA450D41BDDFB131EA33E11B60337B ] CtHdaSvc        C:\Windows\sysWow64\CtHdaSvc.exe
16:21:51.0056 0x1e90  CtHdaSvc - ok
16:21:51.0058 0x1e90  [ 823702E03DBBADD5488992122EC86D7C, 8EFB9E871EEAD1A2CAE945356C8EC90B52845772BFAC02ACAFA0F8E5CEBB9C40 ] cthdb          C:\Windows\system32\DRIVERS\cthdb.sys
16:21:51.0062 0x1e90  cthdb - ok
16:21:51.0068 0x1e90  [ 35D1B1D879926DA06B740547428A45B7, 467915863EAFF1F5C8BFFB3C3FAF6CAAC8E621EFBF399B796F420C7443B3B022 ] ctxusbm        C:\Windows\system32\DRIVERS\ctxusbm.sys
16:21:51.0074 0x1e90  ctxusbm - ok
16:21:51.0077 0x1e90  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam            C:\Windows\system32\drivers\dam.sys
16:21:51.0082 0x1e90  dam - ok
16:21:51.0084 0x1e90  dbupdate - ok
16:21:51.0084 0x1e90  dbupdatem - ok
16:21:51.0105 0x1e90  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:21:51.0121 0x1e90  DcomLaunch - ok
16:21:51.0130 0x1e90  [ EDB72F4A46C39452D1A5414F7D26454A, 0B2F863F4119DC88A22CC97C0A136C88A0127CB026751303B045F7322A8972F6 ] dcrypt          C:\Windows\system32\drivers\dcrypt.sys
16:21:51.0139 0x1e90  dcrypt - ok
16:21:51.0153 0x1e90  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc      C:\Windows\System32\defragsvc.dll
16:21:51.0164 0x1e90  defragsvc - ok
16:21:51.0180 0x1e90  [ 8C65D844F8B4484A71E220F13A48A3E5, BB09E997839984562CA2E96826578B712DD05EC9C18106AA00B8DB084BF78EE7 ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
16:21:51.0200 0x1e90  Desura Install Service - ok
16:21:51.0213 0x1e90  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
16:21:51.0222 0x1e90  DeviceAssociationService - ok
16:21:51.0230 0x1e90  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall  C:\Windows\system32\umpnpmgr.dll
16:21:51.0236 0x1e90  DeviceInstall - ok
16:21:51.0242 0x1e90  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:21:51.0248 0x1e90  Dfsc - ok
16:21:51.0252 0x1e90  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:21:51.0256 0x1e90  dg_ssudbus - ok
16:21:51.0268 0x1e90  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:21:51.0278 0x1e90  Dhcp - ok
16:21:51.0299 0x1e90  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack      C:\Windows\system32\diagtrack.dll
16:21:51.0324 0x1e90  DiagTrack - ok
16:21:51.0358 0x1e90  [ 2A312D761AE650B1BF1296733E872AAC, A05BB3B3BF2DA68599E593BB4367774A74141DE327092C77BCDA3C0F36C8D6AD ] DirMngr        m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
16:21:51.0364 0x1e90  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
16:21:54.0803 0x1e90  Detect skipped due to KSN trusted
16:21:54.0803 0x1e90  DirMngr - ok
16:21:54.0811 0x1e90  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
16:21:54.0817 0x1e90  disk - ok
16:21:54.0820 0x1e90  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc          C:\Windows\System32\drivers\dmvsc.sys
16:21:54.0825 0x1e90  dmvsc - ok
16:21:54.0830 0x1e90  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:21:54.0838 0x1e90  Dnscache - ok
16:21:54.0846 0x1e90  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:21:54.0854 0x1e90  dot3svc - ok
16:21:54.0862 0x1e90  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS            C:\Windows\system32\dps.dll
16:21:54.0869 0x1e90  DPS - ok
16:21:54.0872 0x1e90  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:21:54.0876 0x1e90  drmkaud - ok
16:21:54.0884 0x1e90  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:21:54.0892 0x1e90  DsmSvc - ok
16:21:54.0897 0x1e90  [ FD2C67871FE7BCD81622857B2BDA5CB8, E5A4F712DEA37C203F154997821F38942B9AED06D2990A905C34FAD68DC76B26 ] dvblink_tuner  C:\Windows\system32\drivers\dvblink_tuner.sys
16:21:54.0904 0x1e90  dvblink_tuner - ok
16:21:54.0945 0x1e90  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:21:54.0970 0x1e90  DXGKrnl - ok
16:21:54.0973 0x1e90  EagleX64 - ok
16:21:54.0977 0x1e90  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost        C:\Windows\System32\eapsvc.dll
16:21:54.0983 0x1e90  Eaphost - ok
16:21:55.0050 0x1e90  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
16:21:55.0137 0x1e90  ebdrv - ok
16:21:55.0143 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS            C:\Windows\System32\lsass.exe
16:21:55.0151 0x1e90  EFS - ok
16:21:55.0157 0x1e90  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass    C:\Windows\system32\drivers\EhStorClass.sys
16:21:55.0162 0x1e90  EhStorClass - ok
16:21:55.0168 0x1e90  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:21:55.0174 0x1e90  EhStorTcgDrv - ok
16:21:55.0177 0x1e90  [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:21:55.0181 0x1e90  ElbyCDIO - ok
16:21:55.0183 0x1e90  [ 12B914E8AF6DC6948C54A1FC2C6F4581, CA7EB8CBD374900DB051C6C8A1E3BAC4B35BB56CCD654E86374C96B93F6BA45D ] EMET_Service    C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
16:21:55.0188 0x1e90  EMET_Service - ok
16:21:55.0190 0x1e90  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:21:55.0195 0x1e90  ErrDev - ok
16:21:55.0212 0x1e90  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem    C:\Windows\system32\es.dll
16:21:55.0224 0x1e90  EventSystem - ok
16:21:55.0234 0x1e90  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat          C:\Windows\system32\drivers\exfat.sys
16:21:55.0244 0x1e90  exfat - ok
16:21:55.0255 0x1e90  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:21:55.0262 0x1e90  fastfat - ok
16:21:55.0279 0x1e90  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax            C:\Windows\system32\fxssvc.exe
16:21:55.0292 0x1e90  Fax - ok
16:21:55.0295 0x1e90  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc            C:\Windows\System32\drivers\fdc.sys
16:21:55.0300 0x1e90  fdc - ok
16:21:55.0303 0x1e90  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:21:55.0309 0x1e90  fdPHost - ok
16:21:55.0312 0x1e90  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:21:55.0318 0x1e90  FDResPub - ok
16:21:55.0323 0x1e90  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc          C:\Windows\system32\fhsvc.dll
16:21:55.0330 0x1e90  fhsvc - ok
16:21:55.0334 0x1e90  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:21:55.0339 0x1e90  FileInfo - ok
16:21:55.0342 0x1e90  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:21:55.0350 0x1e90  Filetrace - ok
16:21:55.0437 0x1e90  [ 78CD0E0DE02981654B8B60F95D791298, 234B0228D712949EA09701C0319FD260203F091B9A9EAA4160F6F58C47BA4A7E ] FileZilla Server m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
16:21:55.0451 0x1e90  FileZilla Server - ok
16:21:55.0457 0x1e90  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:21:55.0462 0x1e90  flpydisk - ok
16:21:55.0472 0x1e90  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:21:55.0481 0x1e90  FltMgr - ok
16:21:55.0501 0x1e90  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache      C:\Windows\system32\FntCache.dll
16:21:55.0523 0x1e90  FontCache - ok
16:21:55.0527 0x1e90  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:21:55.0531 0x1e90  FontCache3.0.0.0 - ok
16:21:55.0535 0x1e90  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:21:55.0539 0x1e90  FsDepends - ok
16:21:55.0542 0x1e90  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:21:55.0546 0x1e90  Fs_Rec - ok
16:21:55.0561 0x1e90  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:21:55.0573 0x1e90  fvevol - ok
16:21:55.0576 0x1e90  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM          C:\Windows\System32\drivers\fxppm.sys
16:21:55.0581 0x1e90  FxPPM - ok
16:21:55.0585 0x1e90  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:21:55.0592 0x1e90  gagp30kx - ok
16:21:55.0603 0x1e90  [ 898F20847EFAFA91EB8936D39A9B6F7D, 6BE43ADC7094016B555623F474D70E091751628C0A19A9C2D6C706B0487795D7 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
16:21:55.0617 0x1e90  Garmin Device Interaction Service - ok
16:21:55.0621 0x1e90  [ 3F6F2BEF3880C4CC9A381EE227DA0BBD, 26E7BD7DB254125904911B1E751710C645C770AAB089442678D7ACFC2CDEDB0E ] GDKBBlocker    C:\Windows\system32\drivers\GDKBBlocker64.sys
16:21:55.0626 0x1e90  GDKBBlocker - ok
16:21:55.0629 0x1e90  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:21:55.0634 0x1e90  gencounter - ok
16:21:56.0185 0x1e90  [ 75E7CCDA9A215B77100500DB56286F87, F6218D556333D5B0C55DD6E23322D61C3749A7621638FFD0AFF3992569C24494 ] GlassWire      M:\Program Files (x86)\GlassWire\GWCtlSrv.exe
16:21:56.0416 0x1e90  GlassWire - ok
16:21:56.0428 0x1e90  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101    C:\Windows\system32\Drivers\msgpioclx.sys
16:21:56.0434 0x1e90  GPIOClx0101 - ok
16:21:56.0471 0x1e90  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:21:56.0493 0x1e90  gpsvc - ok
16:21:56.0496 0x1e90  GPUZ - ok
16:21:56.0498 0x1e90  [ 77621A3DF170D246DC744CD0767BFAB3, 08BA4984D8B19337A34E4A2BBCE4AD681FDE09D02A6C421A16F5A717AA12CD84 ] gwdrv          C:\Windows\system32\DRIVERS\gwdrv.sys
16:21:56.0502 0x1e90  gwdrv - ok
16:21:56.0511 0x1e90  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:21:56.0521 0x1e90  HdAudAddService - ok
16:21:56.0525 0x1e90  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:21:56.0530 0x1e90  HDAudBus - ok
16:21:56.0532 0x1e90  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt        C:\Windows\System32\drivers\HidBatt.sys
16:21:56.0537 0x1e90  HidBatt - ok
16:21:56.0540 0x1e90  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:21:56.0546 0x1e90  HidBth - ok
16:21:56.0549 0x1e90  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:21:56.0554 0x1e90  hidi2c - ok
16:21:56.0558 0x1e90  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr          C:\Windows\System32\drivers\hidir.sys
16:21:56.0565 0x1e90  HidIr - ok
16:21:56.0568 0x1e90  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv        C:\Windows\system32\hidserv.dll
16:21:56.0573 0x1e90  hidserv - ok
16:21:56.0575 0x1e90  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:21:56.0580 0x1e90  HidUsb - ok
16:21:56.0584 0x1e90  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:21:56.0591 0x1e90  hkmsvc - ok
16:21:56.0598 0x1e90  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:21:56.0606 0x1e90  HomeGroupListener - ok
16:21:56.0618 0x1e90  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:21:56.0628 0x1e90  HomeGroupProvider - ok
16:21:56.0634 0x1e90  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:21:56.0640 0x1e90  HpSAMD - ok
16:21:56.0642 0x1e90  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\System32\Drivers\ANDROIDUSB.sys
16:21:56.0650 0x1e90  HTCAND64 - ok
16:21:56.0654 0x1e90  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
16:21:56.0657 0x1e90  htcnprot - ok
16:21:56.0671 0x1e90  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:21:56.0690 0x1e90  HTTP - ok
16:21:56.0693 0x1e90  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:21:56.0697 0x1e90  hwpolicy - ok
16:21:56.0699 0x1e90  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:21:56.0703 0x1e90  hyperkbd - ok
16:21:56.0706 0x1e90  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:21:56.0711 0x1e90  HyperVideo - ok
16:21:56.0716 0x1e90  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:21:56.0722 0x1e90  i8042prt - ok
16:21:56.0724 0x1e90  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
16:21:56.0727 0x1e90  iaLPSSi_GPIO - ok
16:21:56.0733 0x1e90  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C    C:\Windows\System32\drivers\iaLPSSi_I2C.sys
16:21:56.0740 0x1e90  iaLPSSi_I2C - ok
16:21:56.0761 0x1e90  [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA        C:\Windows\system32\drivers\iaStorA.sys
16:21:56.0772 0x1e90  iaStorA - ok
16:21:56.0792 0x1e90  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
16:21:56.0814 0x1e90  iaStorAV - ok
16:21:56.0819 0x1e90  [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:21:56.0822 0x1e90  IAStorDataMgrSvc - ok
16:21:56.0838 0x1e90  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:21:56.0858 0x1e90  iaStorV - ok
16:21:56.0863 0x1e90  [ D9A9FFC89F61CAD4AD9EF31FBB17E634, F81184889B30DA8947F22A9C9ED5C542295ED70F0A1C27D1C91BAC21F4BCD987 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
16:21:56.0870 0x1e90  ICCS - ok
16:21:56.0871 0x1e90  IEEtwCollectorService - ok
16:21:56.0946 0x1e90  iked - ok
16:21:56.0962 0x1e90  [ 1EF41003FADB93DC4170803D70C63A9E, D2B6D51ECE5820EE071176331C6FE5B825255FDD83F1F3136D549648101EC1F3 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:21:56.0981 0x1e90  IKEEXT - ok
16:21:57.0134 0x1e90  [ CC2521C1BE66E922196431B77F765178, 07106F575F715F761E01D3788053CBA6E53DD8390CE79BD4F6FC2BCDDC34C982 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:21:57.0295 0x1e90  IntcAzAudAddService - ok
16:21:57.0312 0x1e90  [ 9A6DEB5DDF7E29728F6FEA5092AFA3F2, 21C47A0490EBA302657EF30C560E4AF83777685FFE126DCCAC310163C47401D1 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
16:21:57.0329 0x1e90  Intel(R) Capability Licensing Service TCP IP Interface - ok
16:21:57.0332 0x1e90  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:21:57.0336 0x1e90  intelide - ok
16:21:57.0340 0x1e90  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
16:21:57.0344 0x1e90  intelpep - ok
16:21:57.0350 0x1e90  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:21:57.0356 0x1e90  intelppm - ok
16:21:57.0362 0x1e90  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:57.0369 0x1e90  IpFilterDriver - ok
16:21:57.0395 0x1e90  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:21:57.0412 0x1e90  iphlpsvc - ok
16:21:57.0416 0x1e90  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV        C:\Windows\System32\drivers\IPMIDrv.sys
16:21:57.0422 0x1e90  IPMIDRV - ok
16:21:57.0429 0x1e90  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:21:57.0435 0x1e90  IPNAT - ok
16:21:57.0436 0x1e90  ipsecd - ok
16:21:57.0439 0x1e90  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:21:57.0445 0x1e90  IRENUM - ok
16:21:57.0447 0x1e90  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:21:57.0452 0x1e90  isapnp - ok
16:21:57.0461 0x1e90  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:21:57.0469 0x1e90  iScsiPrt - ok
16:21:57.0472 0x1e90  [ 1ECC1A421B0AEBF9A6934451FBFD7848, 1A8DDEC42831C12760CF27FA02EDD06D5CCE25A606E2DECB7D8487B5961B11AC ] ISCT            C:\Windows\System32\drivers\ISCTD64.sys
16:21:57.0476 0x1e90  ISCT - ok
16:21:57.0481 0x1e90  [ EC62720A72C1ACD6AB638C0D7D10F431, CB1DC7A7E2247C11D4F40041F889786CD20E0C5CF6EEDFC320F8E9646E974C07 ] iumsvc          C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
16:21:57.0486 0x1e90  iumsvc - ok
16:21:57.0491 0x1e90  [ CA295D3E5032DDF8A3CBD1A256E646FA, 03879D331AE446FCF25D0193805A5E0C17764439B5B8FE1D684DDB96B1A358C9 ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:21:57.0497 0x1e90  jhi_service - ok
16:21:57.0500 0x1e90  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:21:57.0505 0x1e90  kbdclass - ok
16:21:57.0508 0x1e90  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:21:57.0513 0x1e90  kbdhid - ok
16:21:57.0516 0x1e90  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\Windows\system32\drivers\kbldfltr.sys
16:21:57.0520 0x1e90  kbldfltr - ok
16:21:57.0522 0x1e90  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic          C:\Windows\system32\DRIVERS\kdnic.sys
16:21:57.0526 0x1e90  kdnic - ok
16:21:57.0529 0x1e90  [ A23E2A41E729E7752347670BFED12A54, 8E349AE4B7193B8422F1BA6BA516DF2B2451D23DDD20CA11CE43204EE0DBBCBA ] Ke2200          C:\Windows\system32\DRIVERS\e22w8x64.sys
16:21:57.0534 0x1e90  Ke2200 - ok
16:21:57.0537 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
16:21:57.0542 0x1e90  KeyIso - ok
16:21:57.0548 0x1e90  [ A6A4F8CFE0796A691789F02423F1281B, B0BF411A627F890D1B6E11D5CD4A75E2A5655FBCDF8AEA639A17F310AE679737 ] Killer Service V2 C:\Program Files\Killer Networking\Network Manager\KillerService.exe
16:21:57.0555 0x1e90  Killer Service V2 - detected UnsignedFile.Multi.Generic ( 1 )
16:21:59.0896 0x1e90  Killer Service V2 ( UnsignedFile.Multi.Generic ) - warning
16:22:02.0449 0x1e90  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:02.0454 0x1e90  KSecDD - ok
16:22:02.0459 0x1e90  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:22:02.0466 0x1e90  KSecPkg - ok
16:22:02.0469 0x1e90  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:22:02.0473 0x1e90  ksthunk - ok
16:22:02.0484 0x1e90  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:22:02.0493 0x1e90  KtmRm - ok
16:22:02.0504 0x1e90  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:02.0513 0x1e90  LanmanServer - ok
16:22:02.0523 0x1e90  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:02.0533 0x1e90  LanmanWorkstation - ok
16:22:02.0543 0x1e90  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc          C:\Windows\System32\GeofenceMonitorService.dll
16:22:02.0554 0x1e90  lfsvc - ok
16:22:02.0557 0x1e90  [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
16:22:02.0562 0x1e90  LGBusEnum - ok
16:22:02.0565 0x1e90  [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp      C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
16:22:02.0568 0x1e90  LGCoreTemp - ok
16:22:02.0571 0x1e90  [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore    C:\Windows\system32\drivers\LGJoyXlCore.sys
16:22:02.0578 0x1e90  LGJoyXlCore - ok
16:22:02.0582 0x1e90  [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
16:22:02.0587 0x1e90  LGSHidFilt - ok
16:22:02.0590 0x1e90  [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:22:02.0595 0x1e90  LGVirHid - ok
16:22:02.0600 0x1e90  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:02.0607 0x1e90  lltdio - ok
16:22:02.0618 0x1e90  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:22:02.0627 0x1e90  lltdsvc - ok
16:22:02.0630 0x1e90  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:22:02.0635 0x1e90  lmhosts - ok
16:22:02.0642 0x1e90  [ ED5C8B920F2ACF11A26586B2FA66BF3D, D6F014F0CCAB7EDA38A8CC58F439D2A8CD89195AE84F82E25475CE11CB3883C9 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:22:02.0653 0x1e90  LMS - ok
16:22:02.0658 0x1e90  [ 7E74CE69AEF2F66F037E9000AF1209FB, AF5407AB507EB5F01167D4EFA0B235510F26287159C4594FB3B9CB2D086BDD6E ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
16:22:02.0664 0x1e90  LogiRegistryService - ok
16:22:02.0671 0x1e90  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:22:02.0680 0x1e90  LSI_SAS - ok
16:22:02.0685 0x1e90  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:22:02.0693 0x1e90  LSI_SAS2 - ok
16:22:02.0697 0x1e90  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
16:22:02.0705 0x1e90  LSI_SAS3 - ok
16:22:02.0711 0x1e90  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS        C:\Windows\system32\drivers\lsi_sss.sys
16:22:02.0720 0x1e90  LSI_SSS - ok
16:22:02.0731 0x1e90  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM            C:\Windows\System32\lsm.dll
16:22:02.0745 0x1e90  LSM - ok
16:22:02.0752 0x1e90  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv          C:\Windows\system32\drivers\luafv.sys
16:22:02.0758 0x1e90  luafv - ok
16:22:02.0761 0x1e90  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:22:02.0764 0x1e90  MBAMProtector - ok
16:22:02.0882 0x1e90  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService    m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
16:22:02.0902 0x1e90  MBAMService - ok
16:22:02.0907 0x1e90  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
16:22:02.0911 0x1e90  MBAMWebAccessControl - ok
16:22:02.0913 0x1e90  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:22:02.0917 0x1e90  MBfilt - ok
16:22:02.0921 0x1e90  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas        C:\Windows\system32\drivers\megasas.sys
16:22:02.0928 0x1e90  megasas - ok
16:22:02.0949 0x1e90  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
16:22:02.0977 0x1e90  megasr - ok
16:22:02.0981 0x1e90  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
16:22:02.0986 0x1e90  MEIx64 - ok
16:22:02.0990 0x1e90  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS          C:\Windows\system32\mmcss.dll
16:22:02.0997 0x1e90  MMCSS - ok
16:22:03.0000 0x1e90  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem          C:\Windows\system32\drivers\modem.sys
16:22:03.0007 0x1e90  Modem - ok
16:22:03.0009 0x1e90  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor        C:\Windows\System32\drivers\monitor.sys
16:22:03.0016 0x1e90  monitor - ok
16:22:03.0019 0x1e90  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:22:03.0024 0x1e90  mouclass - ok
16:22:03.0028 0x1e90  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:22:03.0032 0x1e90  mouhid - ok
16:22:03.0036 0x1e90  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:03.0041 0x1e90  mountmgr - ok
16:22:03.0088 0x1e90  MPlayerWWService - ok
16:22:03.0092 0x1e90  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:03.0097 0x1e90  mpsdrv - ok


CptMw 28.09.2015 15:25

Code:

16:22:05.0178 0x1e90  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
16:22:05.0182 0x1e90  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
16:22:07.0493 0x1e90  Detect skipped due to KSN trusted
16:22:07.0493 0x1e90  PassThru Service - ok
16:22:07.0980 0x1e90  [ C58AE9881CD83BB1662A7E062E11CBD6, 80969EC975C15718DC14136B7E1533FFD3E1530E1A1F6B1411ED3EE0F55016E6 ] PORTMON        M:\Programme\SysinternalsSuite\PORTMSYS.SYS
16:22:07.0982 0x1e90  PORTMON - detected UnsignedFile.Multi.Generic ( 1 )
16:22:09.0645 0x1a58  Object required for P2P: [ 7B9B5B31CB5BF1C023F7A0EDC85B9EF0 ] nvsvc
16:22:10.0289 0x1e90  Detect skipped due to KSN trusted
16:22:10.0289 0x1e90  PORTMON - ok
16:22:11.0747 0x1e90  SstpSvc - ok
16:22:11.0752 0x1e90  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
16:22:11.0758 0x1e90  ssudmdm - ok
16:22:11.0769 0x1e90  [ CE21C361EAA587AC778AD7422FFC3E84, AE8DB90661E67BDAB1A6E75341DEF27DF0FDA1765576D1260EC1384419628CE5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:22:11.0783 0x1e90  Steam Client Service - ok
16:22:11.0786 0x1e90  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:22:11.0790 0x1e90  stexstor - ok
16:22:11.0793 0x1e90  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\Windows\System32\drivers\serscan.sys
16:22:11.0798 0x1e90  StillCam - ok
16:22:11.0813 0x1e90  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
16:22:11.0826 0x1e90  stisvc - ok
16:22:11.0831 0x1e90  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:22:11.0840 0x1e90  storahci - ok
16:22:11.0843 0x1e90  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
16:22:11.0848 0x1e90  storflt - ok
16:22:11.0850 0x1e90  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
16:22:11.0855 0x1e90  stornvme - ok
16:22:11.0858 0x1e90  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc        C:\Windows\system32\storsvc.dll
16:22:11.0864 0x1e90  StorSvc - ok
16:22:11.0867 0x1e90  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
16:22:11.0872 0x1e90  storvsc - ok
16:22:11.0875 0x1e90  [ 7D123389FCD97D84881BA9C07012BA0C, 044442D8FCFE7935A025602F817C726576BA1C515CB594C4320A8AC6D8DA8F41 ] storvsp        C:\Windows\System32\drivers\storvsp.sys
16:22:11.0880 0x1e90  storvsp - ok
16:22:11.0883 0x1e90  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc          C:\Windows\system32\svsvc.dll
16:22:11.0888 0x1e90  svsvc - ok
16:22:11.0890 0x1e90  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
16:22:11.0894 0x1e90  swenum - ok
16:22:11.0912 0x1e90  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv          C:\Windows\System32\swprv.dll
16:22:11.0927 0x1e90  swprv - ok
16:22:11.0986 0x1e90  [ 6843FF634C373DE7F150E144054ABE1C, 33CA8155A32A174B446FDE08F3F57A69DC928F3BFCBEE1C1DA569BACB541975C ] Synergy        M:\Program Files\Synergy\synergyd.exe
16:22:11.0993 0x1e90  Synergy - detected UnsignedFile.Multi.Generic ( 1 )
16:22:12.0093 0x1a58  Object send P2P result: true
16:22:14.0298 0x1e90  Detect skipped due to KSN trusted
16:22:14.0299 0x1e90  Synergy - ok
16:22:17.0104 0x1e90  [ AAAF81690C24E2F1EE59F1B2AED5B632, 446AE85300FCB1CDEBFF2BDD69F6B322922F40EB688EF152F853B3AB6F4D4A6A ] xb1usb          C:\Windows\System32\drivers\xb1usb.sys
16:22:17.0110 0x1e90  xb1usb - ok
16:22:17.0116 0x1e90  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\Windows\System32\drivers\xusb22.sys
16:22:17.0124 0x1e90  xusb22 - ok
16:22:17.0128 0x1e90  ================ Scan global ===============================
16:22:17.0130 0x1e90  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\Windows\system32\basesrv.dll
16:22:17.0137 0x1e90  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
16:22:17.0142 0x1e90  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
16:22:17.0150 0x1e90  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
16:22:17.0155 0x1e90  [ Global ] - ok
16:22:17.0155 0x1e90  ================ Scan MBR ==================================
16:22:17.0156 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:22:17.0223 0x1e90  \Device\Harddisk0\DR0 - ok
16:22:17.0245 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:22:17.0297 0x1e90  \Device\Harddisk1\DR1 - ok
16:22:17.0326 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
16:22:17.0394 0x1e90  \Device\Harddisk2\DR2 - ok
16:22:17.0406 0x1e90  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
16:22:17.0445 0x1e90  \Device\Harddisk3\DR3 - ok
16:22:17.0448 0x1e90  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk4\DR4
16:22:18.0355 0x1e90  \Device\Harddisk4\DR4 - ok
16:22:18.0355 0x1e90  ================ Scan VBR ==================================
16:22:18.0357 0x1e90  [ 22F7F4CC84FB7CEB9172DC9EAD8ABF16 ] \Device\Harddisk0\DR0\Partition1
16:22:18.0358 0x1e90  \Device\Harddisk0\DR0\Partition1 - ok
16:22:18.0359 0x1e90  [ 51638DFEA3FE416F2474CC8EB3736E73 ] \Device\Harddisk0\DR0\Partition2
16:22:18.0360 0x1e90  \Device\Harddisk0\DR0\Partition2 - ok
16:22:18.0361 0x1e90  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
16:22:18.0361 0x1e90  \Device\Harddisk1\DR1\Partition1 - ok
16:22:18.0393 0x1e90  [ 620224330BF335CC7447E5359D5DCD54 ] \Device\Harddisk1\DR1\Partition2
16:22:18.0471 0x1e90  \Device\Harddisk1\DR1\Partition2 - ok
16:22:18.0473 0x1e90  [ 577BE45835808EE0C021E3E996B5CC92 ] \Device\Harddisk2\DR2\Partition1
16:22:18.0473 0x1e90  \Device\Harddisk2\DR2\Partition1 - ok
16:22:18.0474 0x1e90  [ 876B3EA45D7E68593A9AADB52E3D6126 ] \Device\Harddisk3\DR3\Partition1
16:22:18.0475 0x1e90  \Device\Harddisk3\DR3\Partition1 - ok
16:22:18.0477 0x1e90  [ AB7DC4E148530D70F87AED2630FB343E ] \Device\Harddisk4\DR4\Partition1
16:22:18.0478 0x1e90  \Device\Harddisk4\DR4\Partition1 - ok
16:22:18.0478 0x1e90  ================ Scan generic autorun ======================
16:22:18.0481 0x1e90  [ F14327BA386AAA2246585BFADD8FE8E8, 2804D7985B116C808942B4501362D4F4BAE4B540E9A6AC9B176B30DD448BA5AC ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
16:22:18.0483 0x1e90  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
16:22:20.0790 0x1e90  Detect skipped due to KSN trusted
16:22:20.0790 0x1e90  IAStorIcon - ok
16:22:21.0036 0x1e90  [ E1026B2975D308D43E896A108C92F1BD, 562903C88BC3CBD86E9A813001C72576181F2470286040240BAC92E5BF1F1583 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
16:22:21.0299 0x1e90  RTHDVCPL - ok
16:22:21.0499 0x1e90  [ D187A411C9C34F80B4D3AAB97CDB3C0A, 9406914A72D09B0090A263D03AD0E3006C3A30EDBEF0B87C062010AEF2D86B75 ] C:\Program Files\Logitech Gaming Software\LCore.exe
16:22:21.0721 0x1e90  Launch LCore - ok
16:22:21.0738 0x1e90  [ B1964E8776FD7633F149788F5B2A71CB, E30AC137B9DC2D3456499E0BB3B1955D2E0F7FFDB11E7A290A9DA25C76F4FAF8 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
16:22:21.0747 0x1e90  CDAServer - ok
16:22:21.0747 0x1e90  OODefragTray - ok
16:22:21.0818 0x1e90  [ DE91AA01B01FF8F5837C46EF0B51B57F, C896865F9C0613286C01AA3183D37B25C324D64963A2B1EE0CFA91100822D086 ] m:\Program Files\Greenshot\Greenshot.exe
16:22:21.0828 0x1e90  Greenshot - detected UnsignedFile.Multi.Generic ( 1 )
16:22:24.0138 0x1e90  Detect skipped due to KSN trusted
16:22:24.0138 0x1e90  Greenshot - ok
16:22:24.0143 0x1e90  [ 5917DC01B9AC1FD64136D4691FFC7987, 8AAB5E31A4F4056843EC0896BF3F0A91604FF39F4AD439F64D2E882E72511A98 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
16:22:24.0149 0x1e90  Classic Start Menu - ok
16:22:24.0182 0x1e90  [ E38338CC40DBFE16540EC767BF65E4A2, 8BA91F90E92F1F06129930ABB6A9280AF9C33B05D13BF91A3F1185A639D3DE78 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
16:22:24.0223 0x1e90  KeePass 2 PreLoad - ok
16:22:24.0241 0x1e90  [ 7389FE13F97605BFC1C18E6073BD3BE2, 5EC5BDD2AEFBC40FB55CA9BD623DCD5A79028657E2555839D04F9859D36DF03D ] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
16:22:24.0257 0x1e90  Sound Blaster Z-Series Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
16:22:26.0609 0x1e90  Detect skipped due to KSN trusted
16:22:26.0609 0x1e90  Sound Blaster Z-Series Control Panel - ok
16:22:26.0614 0x1e90  CitrixReceiver - ok
16:22:26.0627 0x1e90  [ 5DAB9A0A2D2B4C7DBB5FD381CB2C2B0D, 67A9661B2AC5CFF9DCB3D0B76D617742B93190E6DE4D501565D4FC2E9993934C ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
16:22:26.0638 0x1e90  ConnectionCenter - ok
16:22:26.0644 0x1e90  [ F590FFAF1A12C4B4BE1BCCA29CCB10A2, 8F73820E7107AABD7A5F402D02D786725650311368F96024C92BB2F200BA2AEF ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
16:22:26.0650 0x1e90  Redirector - ok
16:22:26.0681 0x1e90  [ 92186E427B216F010C5886A618801CF7, D2B652C692A38B29CBF66B6264CE7EF9A155E968744DD642D519D240E83B5CC7 ] C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
16:22:26.0700 0x1e90  GDataUsbProtection - ok
16:22:26.0702 0x1e90  Dropbox - ok
16:22:26.0714 0x1e90  [ 9A37A8184FF394645C224DEC24B8E1BB, 07303575847EEF9A60E9C8AA89A5139E58EB909184D799310A869662EDF294FC ] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
16:22:26.0728 0x1e90  Command Center - ok
16:22:26.0738 0x1e90  [ 9AC10DF42CC1E811BB8608A0B609A7D0, 8337D83D40E5FA5A38109F3C4E6AF217AA4D112E9174FC2E5662A0DE77249F63 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:22:26.0750 0x1e90  SunJavaUpdateSched - ok
16:22:26.0886 0x1e90  [ D8AC78CDEC4EDC534EA0056D894CF004, 5809123847DE8CAA4CC657D9157C4D14751500625BCDDEB40088AE77290D7795 ] C:\Program Files (x86)\MSI\Live Update\Live Update.exe
16:22:27.0043 0x1e90  Live Update - ok
16:22:27.0152 0x1e90  [ 1C6A812AB0AF2CC2BF5E42722BDDB20E, FA5719BF1D11C5F04D7B3FDA911D23BF3213C53D53D35A3FB1952156515CB935 ] M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
16:22:27.0160 0x1e90  7 Taskbar Tweaker - detected UnsignedFile.Multi.Generic ( 1 )
16:22:29.0466 0x1e90  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - warning
16:22:31.0871 0x1e90  [ 630B417FD7F878A4398D16FBD3F46690, 7B5A8866D72749C9F9576CD2EDBD66F3EB5CC8AF20FE979EB6D3D87495E473B1 ] m:\Program Files (x86)\ClamWin\bin\ClamTray.exe
16:22:31.0874 0x1e90  ClamWin - detected UnsignedFile.Multi.Generic ( 1 )
16:22:34.0184 0x1e90  Detect skipped due to KSN trusted
16:22:34.0184 0x1e90  ClamWin - ok
16:22:34.0338 0x1e90  [ 9DA1393F5C9350A3CFB039B6EB71A28F, 21DBC6ACFFBDEDAEB97690B83068B054DA9C3C117DF47135CFAA06E91916DBA8 ] m:\Program Files\Sandboxie\SbieCtrl.exe
16:22:34.0352 0x1e90  SandboxieControl - ok
16:22:34.0361 0x1e90  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
16:22:34.0365 0x1e90  Google Update - ok
16:22:34.0541 0x1e90  [ 3570C7B35F9EB00BE68025CD10149640, 0FA72D4FC79D5D37177660A5A511A2D294C27FB3FF029F52720702321A4A7161 ] M:\Program Files (x86)\ownCloud\owncloud.exe
16:22:34.0563 0x1e90  ownCloud - detected UnsignedFile.Multi.Generic ( 1 )
16:22:36.0873 0x1e90  Detect skipped due to KSN trusted
16:22:36.0873 0x1e90  ownCloud - ok
16:22:36.0969 0x1e90  [ 28097821DE2D52E8B259E8D977DE229F, EAA3345F502ED0EB7DC02189F19F2648C6D1E79750AED0F968E5D33614861642 ] m:\Program Files\Ditto\Ditto.exe
16:22:37.0001 0x1e90  Ditto - detected UnsignedFile.Multi.Generic ( 1 )
16:22:39.0308 0x1e90  Detect skipped due to KSN trusted
16:22:39.0308 0x1e90  Ditto - ok
16:22:39.0368 0x1e90  [ 236D0DE39B72766935297687460324F7, 5E59F9B6227A22E7BE84B0A02A95A420DD5DC07704AE4337CA1131DF393A4B73 ] M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe
16:22:39.0404 0x1e90  LoxCONTROL - detected UnsignedFile.Multi.Generic ( 1 )
16:22:41.0711 0x1e90  Detect skipped due to KSN trusted
16:22:41.0711 0x1e90  LoxCONTROL - ok
16:22:41.0730 0x1e90  [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe
16:22:41.0748 0x1e90  f.lux - ok
16:22:41.0759 0x1e90  [ F06C73D0AC21EA0D62E825AD047F778C, 01F3FE2D6A5C7C3007897F34AEBDB74B8EF3CEB6523F8CC5AF246FC4B44FBB5D ] C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
16:22:41.0768 0x1e90  Clam Sentinel - detected UnsignedFile.Multi.Generic ( 1 )
16:22:44.0083 0x1e90  Detect skipped due to KSN trusted
16:22:44.0083 0x1e90  Clam Sentinel - ok
16:22:44.0101 0x1e90  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
16:22:44.0125 0x1e90  GarminExpressTrayApp - ok
16:22:44.0957 0x1e90  [ 0BD96060678C1EC603E0DE78BFC4327A, 6E6D1BD58AFDCB3C75D29AC8A8D25137B7EDBBC5214DD76EEE13DC05078FC959 ] M:\Program Files (x86)\GlassWire\glasswire.exe
16:22:45.0638 0x1e90  GlassWire - ok
16:22:45.0663 0x1e90  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
16:22:45.0679 0x1e90  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
16:22:47.0987 0x1e90  Detect skipped due to KSN trusted
16:22:47.0987 0x1e90  SpybotPostWindows10UpgradeReInstall - ok
16:22:47.0987 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:48.0988 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:49.0988 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:50.0995 0x1e90  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
16:22:50.0996 0x1e90  Win FW state via NFP2: disabled ( trusted )
16:22:53.0315 0x1e90  ============================================================
16:22:53.0315 0x1e90  Scan finished
16:22:53.0315 0x1e90  ============================================================
16:22:53.0318 0x0bcc  Detected object count: 2
16:22:53.0318 0x0bcc  Actual detected object count: 2
16:23:35.0156 0x0bcc  Killer Service V2 ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc  Killer Service V2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:35.0156 0x0bcc  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:39.0588 0x1ef8  Deinitialize success


schrauber 29.09.2015 12:10

Update MBAM, scan, delete the findings.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

CptMw 29.09.2015 12:40

Thank you very much for your help so far.

MBAM found nothing (full scan)

Code:

# AdwCleaner v5.009 - Bericht erstellt am 29/09/2015 um 13:27:59
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 8.1 Enterprise  (x64)
# Benutzername : mongole - MONGOMACHINE-8
# Gestartet von : C:\Users\mongole\Desktop\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\mongole\AppData\Roaming\pdfforge

***** [ Dateien ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\distromatic
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\distromatic

***** [ Internetbrowser ] *****

[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "amazon.caimages-amazon.com amazon.cassl-images-amazon.com amazon.co.ukimages-amazon.com amazon.co.ukssl-images-amazon.com amazon[...]
[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.trackmenot.searchEngines", "aol,bing,yahoo,google");
[-] [C:\Users\mongole\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Gelöscht : isohunt.us

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1586 Bytes] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 Enterprise x64
Ran by mongole on 29.09.2015 at 13:33:47,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\REN86DC.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENDC0C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENE5DA.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(default)
Successfully deleted: [Folder] C:\Users\mongole\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Windows\system32\tasks\update





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2015 at 13:36:30,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by mongole (administrator) on MONGOMACHINE-8 (29-09-2015 13:38:59)
Running from C:\Users\mongole\Desktop
Loaded Profiles: mongole (Available Profiles: mongole)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe"
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29]
ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19]
ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23]
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25]
StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 MBAMService; m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
S2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
S2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
S2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 13:38 - 2015-09-29 13:39 - 00037925 _____ C:\Users\mongole\Desktop\FRST.txt
2015-09-29 13:38 - 2015-09-29 13:38 - 02192384 _____ (Farbar) C:\Users\mongole\Desktop\FRST64.exe
2015-09-29 13:36 - 2015-09-29 13:36 - 00001029 _____ C:\Users\mongole\Desktop\JRT.txt
2015-09-29 13:32 - 2015-09-29 13:32 - 00001686 _____ C:\Users\mongole\Desktop\tb.txt
2015-09-29 13:32 - 2015-09-29 13:32 - 00000021 _____ C:\Windows\S.dirmngr
2015-09-29 13:32 - 2015-09-29 13:32 - 00000000 ____D C:\Users\mongole\Desktop\Neuer Ordner
2015-09-29 13:27 - 2015-09-29 13:26 - 01798976 _____ (Malwarebytes) C:\Users\mongole\Desktop\JRT.exe
2015-09-29 13:23 - 2015-09-29 13:23 - 01670656 _____ C:\Users\mongole\Desktop\AdwCleaner_5.009.exe
2015-09-28 16:19 - 2015-09-28 16:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\mongole\Desktop\tdsskiller.exe
2015-09-27 12:00 - 2015-09-27 12:05 - 00000040 ___SH C:\ProgramData\.zreglib
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\SlySoft
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\Program Files (x86)\SlySoft
2015-09-27 05:17 - 2015-09-27 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2015-09-27 03:09 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-09-26 04:25 - 2015-09-26 04:25 - 00000000 ___RD C:\Sandbox
2015-09-26 02:57 - 2015-09-26 02:57 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-25 23:38 - 2015-09-29 13:39 - 00000000 ____D C:\FRST
2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk
2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480
2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ!
2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk
2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll
2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll
2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box
2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log
2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\XnView
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-09-11 01:21 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView
2015-09-11 00:21 - 2015-09-29 13:32 - 00002766 _____ C:\Windows\setupact.log
2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log
2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start
2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop
2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking
2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk
2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression
2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys
2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys
2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 13:38 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk
2015-09-29 13:38 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job
2015-09-29 13:38 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001
2015-09-29 13:37 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat
2015-09-29 13:37 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat
2015-09-29 13:37 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 13:35 - 2014-09-26 00:20 - 00006469 _____ C:\Windows\SysWOW64\Gms.log
2015-09-29 13:35 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole
2015-09-29 13:33 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-29 13:33 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto
2015-09-29 13:33 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox
2015-09-29 13:33 - 2014-09-21 21:27 - 01090976 _____ C:\Windows\WindowsUpdate.log
2015-09-29 13:33 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-29 13:32 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 13:29 - 2014-03-18 11:51 - 00086172 _____ C:\Windows\PFRO.log
2015-09-29 13:27 - 2015-06-15 21:31 - 00000000 ____D C:\AdwCleaner
2015-09-29 13:27 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent
2015-09-29 13:27 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat
2015-09-29 13:27 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass
2015-09-29 13:26 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple
2015-09-29 04:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-29 04:37 - 2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job
2015-09-29 03:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-28 20:42 - 2015-02-08 19:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-28 20:42 - 2015-02-08 19:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-28 20:42 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-28 19:01 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini
2015-09-28 11:30 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-27 05:17 - 2014-09-22 22:22 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2015-09-27 00:19 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg
2015-09-26 22:31 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon
2015-09-26 12:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee
2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx
2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu
2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000
2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc
2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp
2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI
2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA
2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core
2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst
2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk
2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail
2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games
2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox
2015-09-05 09:16 - 2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd
2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb
2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z

==================== Files in the root of some directories =======

2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd
2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag
2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu
2014-11-24 20:59 - 2015-09-28 20:56 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND
2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg
2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z
2015-09-27 12:00 - 2015-09-27 12:05 - 0000040 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================


CptMw 29.09.2015 12:41

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by mongole (2015-09-29 13:39:15)
Running from C:\Users\mongole\Desktop
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version:  - )
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Areca (HKLM-x32\...\Areca) (Version:  - )
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - )
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Battle vs. Chess (HKLM-x32\...\Battle vs. Chess_is1) (Version: 1.0 - Zuxxez Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit)
Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version:  - )
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BtProx (HKLM-x32\...\BtProx) (Version:  - Uri Kogan)
Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix)
Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version:  - Andrea Russo - Italy)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - Eyebrow Interactive)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix)
ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version:  - Hallenberg.com)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura)
DigiTweet (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version:  - )
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version:  - )
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
FileZilla Client 3.12.0.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project)
Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - )
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2522.1 - Google Inc.)
Gow (HKLM-x32\...\Gow) (Version:  - )
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - EKO Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - )
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi)
JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team)
My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version:  - Epic Games, Inc.)
Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version:  - )
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team)
NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH)
Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - )
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.)
PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT)
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN)
Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version:  - Yury Sidorov)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version:  - )
Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version:  - )
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
Ultratron (HKLM-x32\...\Steam App 219190) (Version:  - Puppygames)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix)
Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
Vim 7.4.711 (HKLM-x32\...\Vim) (Version:  - )
VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix)
VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2522.1\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

29-09-2015 13:31:00 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 pre.footprintpredict.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 statsfe2.ws.microsoft.com

There are 14 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] ()
Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] ()
Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {BD167EBE-9142-4D67-A1BA-B3D5A4DE701B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{93A9D61A-C2CC-45FF-9736-23793DA77273}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{EA127691-ADB9-4F0B-B0FD-AB5EB632C67B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F4D2F0C-BD4C-4B4D-90B3-77B222762829}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{4E343A9F-EC5D-4F7A-8CF1-A750E276C07E}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{03902AB5-B25F-45BB-8C16-90E425BC2AC2}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC3563A8-7E9C-4CAF-8936-7B50032964E1}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{D93BFC92-376E-42BD-A029-95D881FE2B20}] => (Block) M:\Games\Among The Sleep\Among the Sleep.exe
FirewallRules: [TCP Query User{CAE86FAE-9634-437F-958D-172A40D9404E}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{FE4563EA-3D80-47A8-9586-E5C4EC0C6091}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0CB8D9BD-342F-4B68-BD34-EB0E126ABF8A}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [UDP Query User{6F261233-0EAF-4602-921B-0E348756F6B6}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{719F55C5-3B05-428D-96A8-5B992A9FA14D}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{5F409192-87EA-4082-9F85-245A307D55F7}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{D5ACBDDB-67C1-49A2-8DD2-A912B57697E6}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B93FC633-5D81-4906-B52D-992178B5A689}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5750AFC2-4E6C-44ED-8940-A0FB8632D288}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{A966AA43-3589-4B86-9F65-D76F57E936D3}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{E8CB60F1-2C74-461C-BC20-8C3CF692EAEB}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{5CE349E4-8246-4224-8DBB-20676A117AA4}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{0E5E3A5F-1470-43D5-8183-A413609E76F6}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B05D355A-5BDF-4A17-9416-D4F8509096BF}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{1DC7625F-FFD6-4C6A-81C4-10DF996F4983}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{FDCB3062-A859-4F1F-B8C2-D1C7B61DD02E}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{24B729FF-C01B-4FFA-B936-F6B312CA1E54}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{B9E06E7D-CBBE-4B5A-AF0C-64C519220453}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{AE566132-E296-40EC-B222-BA8946B8B0BA}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [UDP Query User{57B759ED-0472-4B12-905F-FD888F0BC24F}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [{D9FD30EB-C8EE-4679-8631-82DA268DCDD1}] => (Block) M:\Games\WATCH_DOGS\bin\watch_dogs.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [TCP Query User{E04BA44D-E370-4EAA-9F3E-E484073EC533}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{B3FA4B4F-5058-4652-9ECF-7A45B1ED2283}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{187BB2E4-41B5-4F8C-BA26-B6F5187611FB}] => (Block) M:\Games\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DF7EBA93-CD1B-41F7-9817-2711459CC6BE}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CC547B3F-96A2-4889-8F80-E2B1E7761801}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
FirewallRules: [{1572EA49-ADE2-4C38-B281-79ADA014E6BA}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{DD90AC4E-1894-4727-9669-3A2599B31227}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
FirewallRules: [{C58F9CFE-6A73-4F16-BF2C-42100D2E24A9}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
FirewallRules: [{CE0A13B8-58DC-4E41-A17F-60BEC59C6D5C}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
FirewallRules: [{6467AF19-0EE0-449E-8267-AE1CD9FE6C86}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5E71C38C-12C2-4525-8368-140E9B0651AD}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0553671B-D681-465E-8217-729E0B9F5C08}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7355E8BA-3A49-4D2A-A914-EDDCD09092C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FE8477E1-BFB5-453B-863E-18C87C49DCBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{92253110-3C21-46F0-8956-04F4818BB5D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9AEE164A-094B-4D25-8C64-9B7312BF8F71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{91376A69-DDA3-4AFD-B0D3-9FC1FB13118A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F3706D39-519D-4DC5-A6F0-03ED0353321D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{6A291437-DBEF-41BF-82FA-20FE0F40FFD5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{596DE404-29BE-48C7-8E0C-6F13A916F82E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DDB25983-DA26-4F5D-B66A-E761589812EF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8B657919-489F-4601-A7FA-A2C6882D5FBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2E8EAB9A-4AE2-4749-98B3-F4738A3DCF8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{5F93B048-8BE3-42D9-8C18-95860B649000}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3AC94CCE-9D93-4B37-AF99-D3B91E6C41E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{03888570-F02F-4B35-9B7A-7F824E874BC6}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{29F927E9-7C77-418E-AE49-6C49E7AB9938}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F6A58D82-03B3-42D4-8572-307AB1778ADF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{D6BE42DA-F290-428D-8B53-B4D9A123D3A6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0DA83BAE-4CA8-48BB-994E-C5734FCD17BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{22500A13-0509-46B6-A1EA-DD384F13EFFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{A4C092C3-FD50-4497-9B03-2B986FD0610A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{89B65D33-CB91-48E4-BB0F-7196148D003A}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{225FCD44-2F72-459E-A061-61C61B6BFB96}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{031901DB-691B-4225-AAEB-3B3012E0944B}] => (Block) M:\Games\Dead Rising 3\deadrising3.exe
FirewallRules: [{2FAA661B-FFE6-4E30-A795-45F4AFB1B5A3}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{A44800DD-9F6E-423E-A920-F28BF6394155}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{41A10A08-83DA-4902-AF3C-DFC140F9C2C1}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{548FF84B-1FD0-4B4B-B59F-6C4480ADA871}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [TCP Query User{0B0F6C9B-A509-4A31-BDD0-DA090D38544A}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{D0F9293A-D5F9-4176-942A-14B0EE6FEFE2}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{BA7F7F90-0A5D-4836-886C-7945BF025249}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [UDP Query User{593D609D-BB99-4C92-ACFA-2242B473087F}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [TCP Query User{353B3934-877C-444F-BB0F-05353D29F238}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{9E489310-FB55-422F-B256-C07A6B3464B9}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [{7C448746-1ABA-4171-92D1-B3C1AEE15EBB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{52BA6252-B166-4F45-A26E-C3B5AABBDBEE}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3DCF4608-5EAA-49A7-A339-352A5D3088B8}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CDFD4323-40AF-4BAB-88A1-98CD9DACA9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{741DCFA0-D75A-4400-9429-AB0E47BA78AB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C033527A-5BEA-412A-91A3-A7B812159165}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{6D6FD5E4-BEEB-4E3C-8ED6-EC25A7FA8D90}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{424FC9EB-D860-43BC-9F4C-CA7DF1D47A1F}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{A007A484-31C1-423A-9741-EF0F102E0A04}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [UDP Query User{F8D760CE-F07C-4D75-A223-7D3030BA4191}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [TCP Query User{B3D764C2-6B42-4AE0-BB14-E57855C49C81}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{2208B81E-9862-45CE-BF00-E06B06FE42FC}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{B118B254-1E4A-45DB-8896-42FE882592CE}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{3E3D3325-65CD-4204-9FB0-7A6BC89025CD}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{37A7B427-CA8B-436B-948B-201604E87AD3}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F0EB2202-4591-410F-BEF5-EACB99F653BB}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{77B53A83-3F0C-4BE1-9B34-3942C55AEFF3}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{567CA49D-EF01-4354-A9C0-A94A8C3DEB04}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{22489C17-4A10-47E6-9DDB-40A465130AB7}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6F3316D0-397D-4AF4-94B5-146DCED31F04}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6E18E2EC-EB19-434D-A845-71DF8B3A0254}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{635EC92B-D555-4026-B744-280CFA96E10B}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE9DB318-4890-4372-856E-41EC1D7EECD2}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{EA2E5CD4-23B2-4AF6-B156-3A573CAAED7D}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{C5E3C8F5-A371-4923-9449-8092826FED5A}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{49E3C0FF-AD6A-4AEC-93B4-2B7E1BC9C30C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{2D8BE52D-6E74-41E7-8588-8C529C454005}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1DB302D7-6BF1-4DA4-BB7A-C8CF7C4BCAA2}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{EF65FD05-429F-486A-BE80-CAA534F858BB}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{70DC3DBF-8E54-4852-AF6B-CA74585DDA34}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win32\AstronautsGame-Win32-Shipping.exe
FirewallRules: [{3CFBC750-DEBE-4991-B4F7-98EC7E5E110A}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win64\AstronautsGame-Win64-Shipping.exe
FirewallRules: [TCP Query User{DA619417-710D-4B45-AD6E-517A45D28327}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9462B7D4-F5FB-489A-8C57-2D9CB066A4D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B34AA0A5-85B1-418F-A075-CD9E6F6D16BD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [UDP Query User{605315F6-8373-4389-BF68-C5A8EEF0AEAD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [{AB1A890A-2AC5-4123-B154-4EF5B2AEB26B}] => (Block) M:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2E47CA85-99A9-4F88-B23A-8E12B8997BFF}] => (Block) M:\Games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{3089E656-5C03-4363-83C3-E7FA683A8F51}] => (Block) M:\Games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{BDBF07E9-5DB8-4F48-BB53-58A9F7A6DFEA}] => (Block) M:\Games\Call of Duty - Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [TCP Query User{248ED716-F16E-44DB-9AD4-B058324DE469}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{481E01E6-2DCF-4B07-B4F0-CFE2A9B94A35}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [{994A1CE8-2287-416F-B04B-1AE713189E34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F951DC3-AE7F-4752-9A28-D7FE188CFE72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2657D70-93EE-4889-ADED-399F97137134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFC3D7CC-6E4A-43DA-9CD5-F84CF71A4AEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14BB8CD7-7D9B-4692-96EF-3424D851621F}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8697AC22-942A-473D-91DC-2927AF54E181}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{49A9219E-D6A1-4331-959A-F8225D224646}] => (Block) M:\Games\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{24D0EDF5-3D35-4BC6-A11C-0EA80F5B15C5}] => (Block) M:\Games\Emergency 5\bin\em5_launcher.exe
FirewallRules: [{3A5CE854-47D2-478F-A416-2A0D75D807A8}] => (Block) M:\Games\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{364E73A1-3F3A-48D2-BFC3-9EAA3BA8FCB7}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{7D9BDA86-4F5F-4A0D-BC52-43FB70631D9C}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{434C59DE-4EF6-421C-A076-377BA4555A78}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BD9A86DE-A41C-4D3C-8938-625D38B4AA2B}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{5BC67C73-3F89-4144-88DE-851A05C5A7F5}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{E22BDA91-8BE1-4B58-ABE2-312B69F5F92E}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{91417446-187E-4267-B32C-C059EF295953}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6C4A73F7-42B8-4145-9570-5CD92BE6B74E}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F0C0F0D-5AB2-469B-8068-5E8BC056651D}] => (Block) M:\Games\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{AC9B1FCB-C8C2-4E45-B77E-E3B2D57AC311}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{7AC59EA4-65D8-43BE-ACBA-2E57801BD21D}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{BFBC1A6D-9314-4E9E-9673-FF0FB1F1384A}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{9C5C78ED-A765-454B-9FAB-3F93D91B9B86}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5D9C1722-FBDD-4C74-87C0-A94AB690A075}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{F44B4D68-2890-4DB1-BBE8-018CD747B1BE}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [TCP Query User{BFB0493B-F9B2-4DEC-BAE3-C685C9019F0F}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [UDP Query User{BFA826F7-C0C0-4238-997C-2FB753CE6FB2}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{35D61A5D-9977-4F07-9CC3-30B4FA52B1D0}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{A9E99EF8-F7EA-42C4-8425-4180640D9C7B}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{B579E7C8-7067-4018-94B5-53DFFC0F86AC}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{714671A4-D83E-4843-8200-5EF35EEB6071}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{8C9DED58-3E6C-4F1E-89E2-2B6CC8869C08}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{70C6E6DF-16D1-4397-A00A-FD7FC9D5837B}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{B1294E6B-9A5F-4016-8B09-AB4DB9317ED8}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [UDP Query User{62B71617-8077-4ACC-BAE7-84C9B01C11DB}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [{4B7EECCA-3EA2-406D-A351-ACECAA053534}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{344ABB5D-B36B-4A47-AAF5-7ADD539C9819}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A1230E38-BC6B-4423-884E-7C04AC6EAC4D}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{6137CAEF-525D-477E-B6F0-AE8653E9B9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{552F8607-4925-48F5-BE29-AA29716535CD}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F0AF273C-F0D8-49B6-B5D0-140BAB3C20C8}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{129DA68C-10D5-4A54-AF78-FE14626F89FA}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{C96FEB0A-D1EC-4E8A-9D67-A9B88FFBCCE4}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{90635068-74C0-4A5E-89D7-A1002938EC7F}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{DBFC02B6-D19F-4687-9775-9FC9C684EFFC}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{86E9F973-34FA-45FC-B29F-10D355AC9A51}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{5071F1DA-BC94-4605-8817-969D0BFD4F8C}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [{BBD735BF-2935-41CE-803D-F951C13DF71B}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{182E01A8-6389-4022-90B0-F77DAD0D3A2D}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{96093A0B-AE70-4943-BBA1-A1C943E10B1D}] => (Block) M:\Games\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{C697EC6B-941F-4972-80A4-20BF80ADE92D}] => (Allow) M:\Program Files\Synergy\synergys.exe
FirewallRules: [{ED48CF50-3137-4FA0-AAA6-5129EBDE836B}] => (Block) F:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{AEB39B74-EA27-4022-9E46-5AF81D6A6A40}] => (Block) F:\Games\Dragon Age Inquisition\Launcher.exe
FirewallRules: [{5E27A642-B227-4D97-BF24-FB6531F7428A}] => (Block) F:\Games\Trials Fusion - Fire in the Deep\datapack\trials_fusion.exe
FirewallRules: [{06AECA0B-4B68-4A6C-BD7D-793672D2CFDB}] => (Block) F:\Games\3DMGAME-OMSI.2.Cracked-3DM\OMSI 2\Omsi.exe
FirewallRules: [{1F3E9DB3-03E8-4A19-9C64-9B1CC5CFCA35}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{D39DA46A-34CE-4CDC-91E3-B23FCBB3CCF7}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{9D01AC1A-8587-4434-9378-0AE4F03A5597}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{5B6510ED-491C-4992-890F-2AFEF91BA430}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{79003072-7204-4FD4-A113-F26A93E6666F}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [UDP Query User{79209835-BB21-48E2-88D3-2B4BBC0F3C7D}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [TCP Query User{4808077D-D942-4D3B-B786-201B96987BC5}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [UDP Query User{72C89448-729D-4574-8CDD-2D154030E0D6}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [{A8D44089-9785-43A4-9DC7-D27C5A79DC31}] => (Block) F:\Gamez\BroForce.v2014.10.07.Build.2598.Steam.Workshop.Update-TPTB\TPTB-BROF\TPTB-BROF\Broforce October Update\BROFORCE_Beta.exe
FirewallRules: [{736CB91D-01D2-46D3-B0A2-D3BE74141EE2}] => (Block) F:\Games\Dying Light\DyingLightGame.exe
FirewallRules: [{CD88DD7D-65A1-49CD-A9A4-885A38FDEA8A}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{AC11F986-70E8-4B52-AA75-40BE1BBF4EB7}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{6F45770F-CC60-4B45-B987-6FFF5BCAC5C2}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C53BE3F0-1538-42CF-920E-70BC0FE9F2F0}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0E43AE6C-F566-441F-96DD-B2EC395A4B74}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{BEF016FB-4A83-428F-AE38-F4CC47A8E977}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3ACC59E7-64E4-48BD-95DB-CEC3493EAD56}] => (Allow) LPort=5031
FirewallRules: [{985DEDCD-8156-49C2-A98C-0F5D568955C3}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{3C8DF17D-7E92-4FE4-A012-90F339DBA74A}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{9E35948F-1B11-4193-99FF-008033B75385}] => (Block) F:\Games\Battle vs. Chess\battlevschess.exe
FirewallRules: [{B35AEF73-DAB2-40F1-A36A-74686E90E011}] => (Block) F:\Games\Battle vs. Chess\Activation.exe
FirewallRules: [TCP Query User{2FDE19C3-BD20-4A2C-ADD7-176EB09056F0}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [UDP Query User{558AA483-C8E2-4E0A-A7C7-B4188F6801BE}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [TCP Query User{B37A88D8-AE18-4F67-A0D5-C8370A3CDEB1}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{696A7DD7-A729-4D59-A679-13A94CEEF629}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{05D25445-45D5-47B0-BDFC-D38C1618EDCE}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [UDP Query User{D6A37DB2-C5DD-41AA-A8F4-3624A8892794}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [{5D731F2D-E351-4A43-A2E5-E19D15A83FD8}] => (Block) F:\Gamez\The.Talos.Principle.Build.220996.Incl.DLC-TPTB\TPTB-TLOS\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D60796AB-0E37-4B2C-BCD2-3A0135FCC88B}] => (Block) F:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe
FirewallRules: [{D1065750-03A4-4CE8-B5CD-6AD7E9CE0A2E}] => (Block) F:\Games\Oddworld - New 'n' Tasty\NNT.exe
FirewallRules: [TCP Query User{A7A7E28E-8338-4353-AC74-0E7D2A7EA058}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{6C3779EB-AFD3-414E-ACB7-B3BEEBEC2CEB}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [{B4577D29-771C-48CD-A1E7-65339FE68945}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{4DB29EAC-77E7-41EC-99EB-570E5597E310}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{A965A841-AE03-42FC-9F36-9BE27DA91E59}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{573A76E3-7DF7-4FAD-AEF0-67FDE6452099}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{34C111C1-EBAA-4987-AFD8-83EE4B0D0FD4}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{DB2F5B50-E8F4-451C-B246-84561FAD53DA}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{C70BBCDA-5126-4E1B-82C1-0A34064B2DEF}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{65D6FCA4-7447-4B0C-A805-F48B13CE81D4}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{39BD05E6-034C-414E-8492-9A78F82FADD4}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{7E24D3D2-C045-43AA-8468-940A1423E5A1}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{A91A2A3D-69FE-478D-95DF-8E13C0A6F3BD}] => (Block) F:\Games\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{B08B78C4-702C-402E-9342-9F7FF8D98A97}] => (Block) F:\Games\Trials Fusion - After the Incident\datapack\trials_fusion.exe
FirewallRules: [{C76E1CA4-3F96-400F-A90A-87B12EF0417A}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\game.exe
FirewallRules: [{2083F763-2AB4-4B67-9754-0D84DEF43F2C}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\startup_setting.exe
FirewallRules: [{779CB0C0-93C8-40A1-9EA7-0227EF5E3309}] => (Block) F:\Games\Bloodsports TV\bloodsports.exe
FirewallRules: [TCP Query User{9FE9ED83-9B64-4FD4-AEBF-67739A0E27C7}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B14740C1-962F-4B73-BF1B-6F892C6013B2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{D44D9DE4-4333-493F-8612-D50976EFD424}] => (Block) F:\Games\Ori and the Blind Forest\ori.exe
FirewallRules: [{CE062D04-75A1-4186-9F23-EC9A12CE7715}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{971FF926-DFC9-4AC2-B8D5-7AF50EA5AE63}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{AECBF9FB-0FBB-4E78-8616-D5E91EAD280E}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{88E1287D-00D7-406A-96AB-5F593B01A404}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CF7C1938-2A8A-46EB-AC5A-FEEDC692EC91}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{16E625D0-D511-4E5D-BF1C-71F5DC0888FA}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{641D6791-3FBC-4D66-BA37-0828F7A3DF4C}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5E3155A6-D119-408B-B5CE-544F0B9E908A}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe
FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe
FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe
FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [UDP Query User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe
FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe
FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe
FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe
FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] => (Block) F:\Games\Act of Aggression\unins000.exe
FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4577AF07-B811-4769-A76F-D5E1CBE67F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5C817070-8E84-46F7-9C27-89795EFF21A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2B8D7556-880E-42A2-836B-CB23F598688A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2C39B42-2952-4551-951E-4C987C9585C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WeOnlyDo Network Adapter 2.5
Description: WeOnlyDo Network Adapter 2.5
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WeOnlyDo Network Provider
Service: wod0205
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2015 01:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: aac

Startzeit: 01d0faaa67fc6840

Endzeit: 12

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: b194b1ce-669d-11e5-82c1-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/29/2015 01:31:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fa8

Startzeit: 01d0faaa1dc9cc8a

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a5768fe1-669d-11e5-82c1-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/29/2015 01:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (09/27/2015 11:51:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (09/27/2015 11:41:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8


System errors:
=============
Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Client for NFS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_LiveUpdate_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_ECOSERVICE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSIDDR_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSICTL_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Logitech Gaming Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GlassWire Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-09-27 04:31:06.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-11 02:34:41.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-15 21:34:14.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-25 01:39:52.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-10 15:21:43.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-29 21:40:08.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 21:39:57.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:17.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:08.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:44.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 31%
Total physical RAM: 32716.61 MB
Available physical RAM: 22480.84 MB
Total Virtual: 36812.61 MB
Available Virtual: 26289.66 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.98 GB) exFAT
Drive c: () (Fixed) (Total:111.45 GB) (Free:32.04 GB) NTFS
Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:53.51 GB) NTFS
Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS
Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:53.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


schrauber 30.09.2015 14:20


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)

