|
Pests of all kinds and how to fight them: Can someone take a look: ad.adserver - log file from hjthis (Windows 7) |
23.10.2012, 10:56 | #1 |
| Help, I'm at a loss... again and again pop-up windows from ad.adserver.... in Firefox. Here is the file from HijackThis: HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:49:12, on 23.10.2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Program Files\Hp\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Kaspersky Security Suite CBE 12\avp.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\CK Software\CK PopUp Killer Pro\pkillpro.exe C:\Users\User\AppData\Roaming\BrowserCompanion\tbhcn.exe C:\Windows\ehome\ehmsas.exe C:\Users\User\AppData\Roaming\T-Mobile Internet Manager\ouc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\User\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Security Suite CBE 12\ievkbd.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Security Suite CBE 12\klwtbbho.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [LXSUPMON] C:\Windows\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: 
[BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Security Suite CBE 12\avp.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: PopUp Killer Pro.lnk = C:\Program Files\CK Software\CK PopUp Killer Pro\pkillpro.exe O4 - Startup: tbhcn.lnk = C:\Users\User\AppData\Roaming\BrowserCompanion\tbhcn.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Security Suite CBE 12\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Security Suite CBE 12\ievkbd.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Security Suite CBE 12\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - ESC Trusted Zone: hxxp://*.update.microsoft.com O16 - DPF: Garmin Communicator Plug-In - 
https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Kaspersky Security Suite CBE Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Security Suite CBE 12\avp.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\Windows\System32\LEXBCES.EXE O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 12858 bytes
Edited by Tommy25 (23.10.2012 at 11:02) |
23.10.2012, 11:19 | #2 |
/// Malwareteam | --> Please do not post HijackThis logfiles - read this!
To make a more precise analysis possible, please follow this link: To everyone seeking help! What do I need to consider before opening a topic? Note: Post the logfiles you create here in your topic - do not open a new one! If antivirus software that is already installed has reported detections: be sure to attach the corresponding log files! |
24.10.2012, 09:56 | #3 |
| Hello again,
@psychotic: despite some forum experience... you never stop learning. Thanks again for the tips, though. So here are the logfiles of the 3 scan programs - Attachment 45445. I hope you and the experts can do something with them, so that I am rid of ad.adserver soon. Thanks to you all again in advance. Tom |
24.10.2012, 10:01 | #4 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". I can't do anything with the zip; please post the logfiles here in your thread. Use the # symbol at the top of the reply window for that!
|
24.10.2012, 10:14 | #5 |
| Ok, thank you very much.... ummm, please help me once more briefly with how I insert the logfiles with the code tags. I have never done that before. Tom |
24.10.2012, 10:21 | #6 |
/// Malwareteam | You click on the # symbol at the top. Then so-called code tags appear: [CODE][/CODE] Inside these you insert the content of one logfile each: [CODE]The logfile goes here[/CODE]. You do that separately for each logfile and then click "Reply" at the bottom. It then looks like this: Code:
ATTFilter Logfile 1 goes here Code:
ATTFilter Logfile 2 goes here
|
24.10.2012, 10:26 | #7 |
| continuing.... Code:
ATTFilter OTL logfile created on: 23.10.2012 12:53:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads\Sysscanner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,71% Memory free 6,19 Gb Paging File | 4,62 Gb Available in Paging File | 74,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,89 Gb Total Space | 44,19 Gb Free Space | 20,01% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 226,76 Gb Free Space | 97,37% Space Free | Partition Type: NTFS Drive E: | 11,99 Gb Total Space | 1,50 Gb Free Space | 12,53% Space Free | Partition Type: NTFS Computer Name: THOMAS-PC | User Name: User | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.23 12:38:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\Sysscanner\OTL.exe PRC - [2012.09.08 13:44:05 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.08.30 21:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 17:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.08.30 17:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\User\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Security Suite CBE 12\avp.exe PRC - [2012.01.20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.06.04 13:18:49 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe PRC - [2009.12.01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2009.12.01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) 
-- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2009.06.23 16:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\User\AppData\Roaming\T-Mobile Internet Manager\ouc.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.09.05 14:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007.09.05 14:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.08.17 15:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe PRC - [2007.01.17 15:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2003.09.29 08:44:34 | 001,301,504 | ---- | M] (CK Software) -- C:\Programme\CK Software\CK PopUp Killer Pro\pkillpro.exe PRC - [2002.12.06 12:16:42 | 000,886,272 | ---- | M] (Lexmark International Inc.) 
-- C:\WINDOWS\System32\LXSUPMON.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.08 13:44:05 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\User\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2012.04.10 19:18:26 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtgui4.dll MOD - [2012.04.10 19:18:24 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtscript4.dll MOD - [2012.04.10 19:18:22 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtsql4.dll MOD - [2012.04.10 19:18:20 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtcore4.dll MOD - [2012.04.10 19:18:20 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtnetwork4.dll MOD - [2012.04.10 19:18:18 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\qtdeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2007.09.30 20:33:32 | 000,066,856 | ---- | M] () -- C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.09.05 14:03:06 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.09.05 13:52:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll ========== Services (SafeList) ========== SRV - [2012.10.09 18:40:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.08 13:44:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- 
(MozillaMaintenance) SRV - [2012.08.30 21:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Security Suite CBE 12\avp.exe -- (AVP) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.03 15:13:23 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\klif.sys -- (KLIF) DRV - [2012.08.30 21:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\klim6.sys -- (KLIM6) DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kl2.sys -- (kl2) DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\kl1.sys -- (KL1) DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2007.09.30 20:34:02 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hp\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) DRV - [2007.09.18 01:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007.06.28 17:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.17 15:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial) DRV - [2005.03.15 18:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ov530vid.sys -- (ovt530) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{CD32024F-867F-498D-8290-012F95967AE4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{32A10E6B-4466-4C22-ABD0-3177E7EE05BA}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{B5D193EA-A1B1-4A24-B8F7-C0B856C79406}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{CD32024F-867F-498D-8290-012F95967AE4}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Plus! Network" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100015 FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - 
HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.12.22 18:53:15 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.05.24 10:48:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.10.03 15:15:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 13:44:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 13:44:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.05.24 10:48:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 13:44:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 13:44:00 | 000,000,000 | ---D | M] [2010.05.24 14:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.10.23 08:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ngx4eebb.default\extensions [2010.07.13 19:12:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ngx4eebb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.09.17 08:16:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ngx4eebb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.29 15:59:39 | 000,000,000 | ---D | M] (Browser 
Companion Helper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com [2012.08.24 08:32:49 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ngx4eebb.default\extensions\toolbar@ask.com [2012.07.25 14:56:33 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 14:38:32 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.09.28 18:44:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.09.03 19:46:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire [2012.09.10 16:35:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire [2012.10.22 13:30:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.10.22 13:30:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.08.12 18:18:21 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire [2012.08.13 18:11:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire [2012.10.23 12:20:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire [2012.10.20 04:04:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.10.21 12:29:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire [2012.09.05 08:55:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire [2012.10.23 12:36:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire [2012.09.05 08:55:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire [2012.10.23 12:41:52 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire [2012.08.19 14:24:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9803c283e94e743374151c4bbe60a5df_expire [2012.10.23 12:41:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.10.22 13:30:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire [2012.09.20 11:36:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire [2012.10.22 13:30:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.10.22 13:30:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire [2012.10.22 13:30:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire [2012.08.19 14:24:51 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire [2012.08.12 20:02:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire [2012.08.26 17:16:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire [2012.08.26 17:16:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012.09.20 11:36:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire [2012.08.25 10:13:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire [2012.10.22 13:30:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.10.21 12:29:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire [2012.10.22 13:30:29 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.10.20 04:04:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.10.20 04:04:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.07.29 15:59:40 | 000,002,792 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ngx4eebb.default\searchplugins\Plusnetwork.xml [2012.10.03 15:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.08 13:43:56 | 000,000,000 | ---D | M] (AdVantage) -- C:\Programme\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302} [2012.09.08 13:43:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2012.09.08 13:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2012.10.03 15:17:07 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2012.10.03 15:17:03 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.10.23 10:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2012.09.08 13:44:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.06 18:09:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 
09:44:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.06 18:09:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.06 18:09:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.06 18:09:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.06 18:09:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LXSUPMON] C:\Windows\System32\LXSUPMON.EXE (Lexmark International Inc.) O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopUp Killer Pro.lnk = C:\Programme\CK Software\CK PopUp Killer Pro\pkillpro.exe (CK Software) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\User\AppData\Roaming\BrowserCompanion\tbhcn.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Security Suite CBE 12\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F97D68C-104D-4AC6-8F1F-C7AE489FE1EA}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC3487A-978D-4A5E-9140-AB99C8709742}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{36563216-6f96-11df-a0db-001e3770a76b}\Shell - "" = AutoRun O33 - MountPoints2\{36563216-6f96-11df-a0db-001e3770a76b}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3cae0e31-6fcb-11df-bf5a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3cae0e31-6fcb-11df-bf5a-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ebc36a40-7010-11df-9b00-001e3770a76b}\Shell - "" = AutoRun O33 - MountPoints2\{ebc36a40-7010-11df-9b00-001e3770a76b}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ebc36a41-7010-11df-9b00-001e3770a76b}\Shell - "" = AutoRun O33 - MountPoints2\{ebc36a41-7010-11df-9b00-001e3770a76b}\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\backups [2012.10.23 10:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs [2012.10.23 10:25:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\User\Desktop\HiJackThis204.exe [2012.10.19 10:00:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1A2182DF-39BE-415F-8EE6-2746450F68A7} [2012.10.04 11:03:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D1537DA1-3079-4513-BBDF-CEB668BA804A} [2012.10.03 15:50:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PhotoScape [2012.10.03 15:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2012.10.03 15:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape [2012.10.03 15:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data [2012.10.03 15:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 12 [2012.10.03 15:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Security Suite CBE 12 [2012.10.03 15:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.10.03 15:13:23 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.26 10:36:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF2DEFCA-5D8E-473F-AD7A-38518B324C14} ========== Files - Modified Within 30 Days ========== [2012.10.23 12:53:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 12:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 12:43:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 12:43:01 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.10.23 12:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.23 10:53:11 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012.10.23 10:52:48 | 000,001,107 | ---- | M] () -- 
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopUp Killer Pro.lnk [2012.10.23 10:52:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 10:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.23 10:43:40 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.10.23 10:42:28 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.23 10:36:00 | 000,538,941 | ---- | M] () -- C:\Users\User\Desktop\322_adwcleaner.exe [2012.10.23 10:25:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HiJackThis204.exe [2012.10.23 10:10:18 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 21:41:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.19 21:41:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.19 21:41:08 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.19 21:41:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.19 21:38:40 | 000,000,187 | ---- | M] () -- C:\Users\User\Desktop\1&1.lnk [2012.10.16 20:51:30 | 000,000,735 | ---- | M] () -- C:\Users\User\Desktop\World of Tanks.lnk [2012.10.11 10:26:08 | 000,261,015 | ---- | M] () -- C:\Users\User\Documents\MHD Bestätigung.pdf [2012.10.03 15:57:25 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2012.10.03 15:57:25 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2012.10.03 15:50:35 | 000,000,828 | ---- | M] () -- C:\Users\User\Desktop\PhotoScape.lnk [2012.10.03 15:19:24 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\WebpageIcons.db [2012.10.03 15:13:23 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== 
[2012.10.23 12:43:01 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.10.23 10:36:02 | 000,538,941 | ---- | C] () -- C:\Users\User\Desktop\322_adwcleaner.exe [2012.10.23 10:10:18 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 21:38:40 | 000,000,187 | ---- | C] () -- C:\Users\User\Desktop\1&1.lnk [2012.10.16 20:51:30 | 000,000,735 | ---- | C] () -- C:\Users\User\Desktop\World of Tanks.lnk [2012.10.11 10:26:08 | 000,261,015 | ---- | C] () -- C:\Users\User\Documents\MHD Bestätigung.pdf [2012.10.03 15:50:35 | 000,000,828 | ---- | C] () -- C:\Users\User\Desktop\PhotoScape.lnk [2012.10.03 15:19:20 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db [2012.10.03 15:17:11 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.10.03 15:17:11 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.03.29 17:00:56 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.03.29 16:19:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.08.30 11:11:40 | 000,000,136 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.pls [2011.08.18 11:28:23 | 000,000,680 | RHS- | C] () -- C:\Users\User\ntuser.pol [2011.07.19 17:05:20 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2011.07.13 21:16:58 | 000,001,024 | ---- | C] () -- C:\Users\User\.rnd [2011.05.25 13:05:24 | 000,008,510 | -HS- | C] () -- C:\Users\User\AppData\Local\kxc7c1637vq56 [2011.05.25 13:05:24 | 000,008,510 | -HS- | C] () -- C:\ProgramData\kxc7c1637vq56 [2011.05.25 11:06:52 | 000,008,600 | -HS- | C] () -- C:\Users\User\AppData\Local\4y45lgp07mmaj2x5as6v7u6172566q0405101bw5g3s [2011.05.25 11:06:52 | 000,008,418 | -HS- | C] () -- C:\ProgramData\4y45lgp07mmaj2x5as6v7u6172566q0405101bw5g3s [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2010.07.11 17:55:42 | 000,007,916 | ---- | C] () -- 
C:\Users\User\AppData\Local\d3d9caps.dat [2010.06.21 11:55:57 | 000,002,878 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat [2010.05.28 12:16:24 | 000,133,800 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.28 12:16:24 | 000,133,800 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.23 11:04:09 | 000,027,240 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001 [2010.05.22 19:24:29 | 000,017,920 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.22 19:22:44 | 000,027,240 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.06.10 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acreon [2012.09.14 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BOM [2012.10.23 13:02:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BrowserCompanion [2010.05.19 09:31:32 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\DigitalPersona [2012.05.28 19:01:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\elsterformular [2010.12.29 18:51:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2011.07.16 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView [2012.10.03 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape [2010.06.04 13:18:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile [2010.08.29 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile Internet Manager [2011.11.12 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2010.06.21 11:55:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template [2011.09.13 15:21:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2011.09.13 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ts3overlay [2012.08.31 14:07:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 23.10.2012 12:53:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads\Sysscanner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,71% Memory free
6,19 Gb Paging File | 4,62 Gb Available in Paging File | 74,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,89 Gb Total Space | 44,19 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 226,76 Gb Free Space | 97,37% Space Free | Partition Type: NTFS
Drive E: | 11,99 Gb Total Space | 1,50 Gb Free Space | 12,53% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Paint Shop Pro 9] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{111CE623-4EFA-472B-88A3-909A23F0CEAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1A845E83-C59D-4CDE-9C49-B81DECDD1F5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{2B7F17B6-D007-4CAA-A223-336F4CF32B9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2BB85F69-D742-42CD-BD7A-AEAE3B2C7F7B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3852C6F2-B272-49A3-8BDC-659136B37509}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{59D1C9F6-1963-43C4-A41C-4976FDFC350C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{71057922-5A67-4EDB-90E0-AD3CAF494002}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{88B051C9-A1B9-4EBB-B5F7-93DFE83AFCB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8AD9B13E-C7B0-463F-8434-8D8DFEF670B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{95024284-9823-49D4-B4B1-7D666CCEC72D}" = lport=2869 | protocol=6 | dir=in | app=system | "{9A8BC985-558C-4E46-AD52-F38848007B17}" = 
lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9F8B468C-E074-48C3-BD05-C2E98A3B0E3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ADDF083E-F134-4A68-B428-6B70BBC00634}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C1EBEB00-5FC3-482A-8A1B-EFFAED8A3ACD}" = lport=2869 | protocol=6 | dir=in | app=system | "{C775918F-D80A-46BB-9600-208B5660BBD1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E9689643-7B7D-42BA-A681-15D921B526C7}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08B8FED9-15E9-4827-A52C-C300CA7CC76B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{0DABEBE9-CADE-4E20-AAEC-8701FE68AF3E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{16B8BE30-7250-45A4-96BC-D6AA0CCF30A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{17B95879-6150-4CA3-B184-FC5A8616BD94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2BFD9EDC-1FD1-42D6-9343-FD79137558B7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{2D5C1955-E4BC-40ED-BED1-F08CEB74A1AE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{469061BF-CD74-48F5-B56D-F94525A78E89}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | "{4806BC46-FE67-4198-B9BC-9C9462E4E82A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{4EC45D1E-8DF2-4459-BAF4-E047CD162C78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5FF5F681-C6DD-4CC1-9DA9-2A7FCA4024BA}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{6051874C-4098-4B25-A013-2A378720923D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6AEC4BD6-FA46-40A4-B13F-0842AE72D61B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{6F5395E3-D807-4CF5-A9D7-34101007F0AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{75E20AE5-376C-444B-8D1F-960EE93AE1E0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{79809554-E69A-4B62-96F0-B6D95A5E8FD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{91C8BEAB-C19B-41FE-8FE3-0FF8D25917FB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{95DC623E-7129-4F25-8244-53145FFA038D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "{A5906DAB-7BEB-4D25-B1D6-215F8AE9BDCF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{A719B6AD-5B5E-40E9-A6DE-3AE733092BBE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | "{A97BA7C4-F51A-4603-9A86-1A558AA0C1F4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{AF2739CD-3196-452E-8D54-81B0CFEA651E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{C92666C1-2B57-452B-9C3D-13E5CD5DB426}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{D7310273-E9FA-4EDF-9BAC-FA461E9E3705}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{DB9697FA-65D0-4FB2-A6C7-6AE0A50CA501}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "TCP Query User{1063C014-A2B4-4CB2-9B8B-50097999E8D1}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query 
User{290EA689-5694-4C6B-99BC-250B09A1271A}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{40F151EA-6173-42FA-B4B6-168E4AD9154C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{56C8D7A0-28DD-4F8C-9811-302491058194}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{6295E97E-C460-477E-AFEE-31E08D5EF606}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{80136E72-6519-4AD7-9FBE-40A599948E76}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{92129A43-85C9-4CC3-9A8B-728351325767}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{9D8E216C-EAAC-441C-9750-BA5629C1CD37}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "TCP Query User{9EBEC926-544A-41AC-8E0D-A0B5A171996B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A23D0C11-132C-49E0-A23C-9012A2072EEF}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "TCP Query 
User{AD151BDF-450A-41D9-852D-B674F5EB61D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{B48BD3B8-6232-4C81-9081-153605F85D8B}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{B551A4C2-1B71-4601-B43C-DB1958A0B26C}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{BC789C6D-0ECA-4492-859F-699FF242CDF8}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "TCP Query User{C4174ED5-87FA-4E70-9451-6FC159CC099B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{C8A80A8D-6334-4F27-B798-ABDEB26A46D8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "TCP Query User{EAF702DA-12F9-4139-9130-DE1A8ACF5D70}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{055B13E3-4AD8-4B3B-95D3-394E615A0E97}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{0BF006CB-2B40-4D4F-B76D-B80EA1084C5A}C:\users\public\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | "UDP Query 
User{0C325E71-4363-4A15-AEF6-3B49BF78D0E8}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{11B4AA9B-0DD1-45C3-9C64-D5335D47F7DE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{129A6B53-9FF5-4ABA-AD4E-1B0751855793}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "UDP Query User{1772F24C-4FE9-4D38-8AF2-B982DC61CEB5}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{32F4D3C1-A3C1-4FE3-9B68-1E8C6948B902}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{6BD585CD-3E3E-483A-83CB-47E42B9E5E84}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{6BDD1661-8BB8-4F07-9E4A-637FABC35571}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{6C546C10-4FB6-4660-BEA7-F0488BDFB6EF}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{6CBBE23B-E9EB-476F-8004-28F7DF0B9788}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{8461974C-6269-4A63-909A-E251DC80AFD6}C:\users\public\games\world of warcraft\launcher.exe" = 
protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | "UDP Query User{8703058B-CB1E-4735-8CAB-0F8AA56084EE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{C8DDA51B-F2FD-4DB8-B85E-25E116C46FFD}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{E13218D1-AA9F-4BD1-880A-C3F6F40ED14D}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "UDP Query User{E8696085-7DC2-40E8-BAF3-4AC0D8592232}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{FA9CB66D-877E-4600-81FC-656D8455F953}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12 "{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F0EE12C-44B1-4FCB-87E3-4686C888774A}" = Hercules Classic Webcam Drivers "{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites 
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install "{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE52F670-9E10-4C0A-B0CB-D78BAB0A7923}" = NimoFilm "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BH - RT" = BH - RT "Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6 "CK PopUp Killer Pro" = CK PopUp Killer Pro "ElsterFormular 13.2.0.8623p" = ElsterFormular "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security 
Suite CBE 12
"IrfanView" = IrfanView (remove only)
"Lexmark Supplies Monitor" = Lexmark Supplies Monitor
"Lexmark Z65" = Lexmark Z65
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VLC media player" = VLC media player 2.0.3
"VueScan" = VueScan
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.10.2012 03:34:38 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

Error - 18.10.2012 05:58:43 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel 0x503723f6, fehlerhaftes Modul GenericAskToolbar.dll, Version 5.14.1.20064, Zeitstempel 0x4f052516, Ausnahmecode 0xc0000409, Fehleroffset 0x0001153e, Prozess-ID 0xad8, Anwendungsstartzeit 01cdad16eec01d50.

Error - 18.10.2012 06:15:45 | Computer Name = Thomas-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12bc Anfangszeit: 01cdad170b2eadd0 Zeitpunkt der Beendigung: 109

Error - 18.10.2012 06:16:16 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel 0x503723f6, fehlerhaftes Modul GenericAskToolbar.dll, Version 5.14.1.20064, Zeitstempel 0x4f052516, Ausnahmecode 0xc0000409, Fehleroffset 0x0001153e, Prozess-ID 0x1234, Anwendungsstartzeit 01cdad1996177dd0.

Error - 18.10.2012 06:16:21 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel 0x503723f6, fehlerhaftes Modul GenericAskToolbar.dll, Version 5.14.1.20064, Zeitstempel 0x4f052516, Ausnahmecode 0xc0000409, Fehleroffset 0x0001153e, Prozess-ID 0x11dc, Anwendungsstartzeit 01cdad199dc3c160.

Error - 19.10.2012 02:11:56 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

Error - 19.10.2012 03:34:07 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

Error - 21.10.2012 06:27:40 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

Error - 22.10.2012 06:22:20 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

Error - 23.10.2012 03:15:07 | Computer Name = Thomas-PC | Source = VSS | ID = 8193
Description =

[ DigitalPersona Pro Events ]
Error - 22.02.2011 07:54:56 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

Error - 14.03.2011 12:12:14 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

Error - 17.06.2011 13:10:42 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

Error - 17.06.2011 13:10:44 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

Error - 19.08.2011 14:04:43 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

Error - 01.11.2011 12:12:50 | Computer Name = Thomas-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.

[ System Events ]
Error - 21.10.2012 01:59:35 | Computer Name = Thomas-PC | Source = DCOM | ID = 10001
Description =

Error - 21.10.2012 02:00:42 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21.10.2012 20:09:55 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =

Error - 22.10.2012 05:36:32 | Computer Name = Thomas-PC | Source = DCOM | ID = 10001
Description =

Error - 22.10.2012 05:37:44 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.10.2012 03:51:57 | Computer Name = Thomas-PC | Source = DCOM | ID = 10001
Description =

Error - 23.10.2012 03:53:10 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.10.2012 04:39:15 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.10.2012 04:43:49 | Computer Name = Thomas-PC | Source = DCOM | ID = 10001
Description =

Error - 23.10.2012 04:45:17 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report > |
24.10.2012, 10:37 | #8 |
/// Malwareteam | Great! Only the Gmer log is still missing!
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
24.10.2012, 10:46 | #10 |
/// Malwareteam | Zip the log and add it as an attachment! You will find this option below the reply window!
24.10.2012, 10:51 | #11 |
| Here is the attempt... Attachment 45446 |
24.10.2012, 12:15 | #12 |
/// Malwareteam | Step 1: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
24.10.2012, 13:48 | #13 |
| Code:
14:22:41.0644 0648 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:22:42.0065 0648 ============================================================
14:22:42.0065 0648 Current date / time: 2012/10/24 14:22:42.0065
14:22:42.0065 0648 SystemInfo:
14:22:42.0065 0648
14:22:42.0065 0648 OS Version: 6.0.6002 ServicePack: 2.0
14:22:42.0065 0648 Product type: Workstation
14:22:42.0065 0648 ComputerName: THOMAS-PC
14:22:42.0065 0648 UserName: User
14:22:42.0065 0648 Windows directory: C:\Windows
14:22:42.0065 0648 System windows directory: C:\Windows
14:22:42.0065 0648 Processor architecture: Intel x86
14:22:42.0065 0648 Number of processors: 2
14:22:42.0065 0648 Page size: 0x1000
14:22:42.0065 0648 Boot type: Normal boot
14:22:42.0065 0648 ============================================================
14:22:42.0486 0648 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:22:42.0486 0648 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:22:42.0486 0648 ============================================================
14:22:42.0486 0648 \Device\Harddisk0\DR0:
14:22:42.0486 0648 MBR partitions:
14:22:42.0486 0648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B9CA365
14:22:42.0486 0648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9CA3A4, BlocksNum 0x17FA1DD
14:22:42.0486 0648 \Device\Harddisk1\DR1:
14:22:42.0486 0648 MBR partitions:
14:22:42.0486 0648 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:22:42.0486 0648 ============================================================
14:22:42.0502 0648 C: <-> \Device\Harddisk0\DR0\Partition1
14:22:42.0502 0648 D: <-> \Device\Harddisk1\DR1\Partition1
14:22:42.0549 0648 E: <-> \Device\Harddisk0\DR0\Partition2
14:22:42.0549 0648 ============================================================
14:22:42.0549 0648 Initialize success
14:22:42.0549 0648 ============================================================
14:23:02.0766 1472 ============================================================
14:23:02.0766 1472 Scan started
14:23:02.0766 1472 Mode: Manual;
14:23:02.0766 1472 ============================================================
14:23:03.0078 1472 ================ Scan system memory ========================
14:23:03.0078 1472 System memory - ok
0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:23:14.0061 1472 p2psvc - ok 14:23:14.0092 1472 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 14:23:14.0092 1472 Parport - ok 14:23:14.0139 1472 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:23:14.0139 1472 partmgr - ok 14:23:14.0170 1472 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 14:23:14.0170 1472 Parvdm - ok 14:23:14.0201 1472 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:23:14.0217 1472 PcaSvc - ok 14:23:14.0263 1472 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:23:14.0263 1472 pci - ok 14:23:14.0279 1472 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys 14:23:14.0279 1472 pciide - ok 14:23:14.0310 1472 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:23:14.0310 1472 pcmcia - ok 14:23:14.0357 1472 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:23:14.0373 1472 PEAUTH - ok 14:23:14.0451 1472 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:23:14.0466 1472 pla - ok 14:23:14.0513 1472 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:23:14.0513 1472 PlugPlay - ok 14:23:14.0575 1472 [ 2B81B089D9364083F5046AD1307A65BE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 14:23:14.0575 1472 Pml Driver HPZ12 - ok 14:23:14.0607 1472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:23:14.0607 1472 PNRPAutoReg - ok 14:23:14.0622 1472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:23:14.0622 1472 PNRPsvc - ok 14:23:14.0669 1472 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:23:14.0669 1472 PolicyAgent - ok 14:23:14.0716 1472 [ 
ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:23:14.0716 1472 PptpMiniport - ok 14:23:14.0747 1472 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 14:23:14.0747 1472 Processor - ok 14:23:14.0778 1472 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 14:23:14.0778 1472 ProfSvc - ok 14:23:14.0794 1472 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 14:23:14.0794 1472 ProtectedStorage - ok 14:23:14.0825 1472 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:23:14.0825 1472 PSched - ok 14:23:14.0872 1472 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:23:14.0887 1472 ql2300 - ok 14:23:14.0919 1472 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:23:14.0919 1472 ql40xx - ok 14:23:15.0012 1472 [ 599FF0B96561CA4F0899FE7F1C4CCE9A ] QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 14:23:15.0012 1472 QPCapSvc - ok 14:23:15.0043 1472 [ 8FF5CAD74C3C5E692E1610E861609A3B ] QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 14:23:15.0043 1472 QPSched - ok 14:23:15.0075 1472 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 14:23:15.0075 1472 QWAVE - ok 14:23:15.0121 1472 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:23:15.0121 1472 QWAVEdrv - ok 14:23:15.0153 1472 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:23:15.0153 1472 RasAcd - ok 14:23:15.0168 1472 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 14:23:15.0184 1472 RasAuto - ok 14:23:15.0215 1472 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:23:15.0215 1472 Rasl2tp - ok 14:23:15.0262 1472 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 
14:23:15.0262 1472 RasMan - ok 14:23:15.0324 1472 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:23:15.0324 1472 RasPppoe - ok 14:23:15.0355 1472 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:23:15.0355 1472 RasSstp - ok 14:23:15.0387 1472 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:23:15.0402 1472 rdbss - ok 14:23:15.0418 1472 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:23:15.0433 1472 RDPCDD - ok 14:23:15.0449 1472 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:23:15.0465 1472 rdpdr - ok 14:23:15.0465 1472 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:23:15.0465 1472 RDPENCDD - ok 14:23:15.0511 1472 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:23:15.0511 1472 RDPWD - ok 14:23:15.0574 1472 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:23:15.0574 1472 RemoteAccess - ok 14:23:15.0605 1472 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:23:15.0605 1472 RemoteRegistry - ok 14:23:15.0636 1472 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:23:15.0636 1472 RFCOMM - ok 14:23:15.0730 1472 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 14:23:15.0730 1472 RichVideo - ok 14:23:15.0761 1472 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 14:23:15.0761 1472 rimmptsk - ok 14:23:15.0792 1472 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 14:23:15.0792 1472 rimsptsk - ok 14:23:15.0792 1472 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 14:23:15.0792 1472 rismxdp - ok 14:23:15.0808 1472 [ 
5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 14:23:15.0823 1472 RpcLocator - ok 14:23:15.0870 1472 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 14:23:15.0870 1472 RpcSs - ok 14:23:15.0901 1472 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:23:15.0901 1472 rspndr - ok 14:23:15.0948 1472 [ 9A929308A64183D3D9DCCBB6DF4BADAE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 14:23:15.0948 1472 RTL8169 - ok 14:23:15.0948 1472 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 14:23:15.0948 1472 SamSs - ok 14:23:15.0979 1472 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:23:15.0979 1472 sbp2port - ok 14:23:16.0026 1472 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:23:16.0042 1472 SCardSvr - ok 14:23:16.0089 1472 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 14:23:16.0089 1472 Schedule - ok 14:23:16.0135 1472 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:23:16.0135 1472 SCPolicySvc - ok 14:23:16.0167 1472 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:23:16.0167 1472 sdbus - ok 14:23:16.0198 1472 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:23:16.0198 1472 SDRSVC - ok 14:23:16.0229 1472 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:23:16.0229 1472 secdrv - ok 14:23:16.0260 1472 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 14:23:16.0260 1472 seclogon - ok 14:23:16.0276 1472 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 14:23:16.0291 1472 SENS - ok 14:23:16.0291 1472 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 14:23:16.0291 1472 Serenum - ok 14:23:16.0323 1472 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial 
C:\Windows\system32\drivers\serial.sys 14:23:16.0323 1472 Serial - ok 14:23:16.0338 1472 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:23:16.0338 1472 sermouse - ok 14:23:16.0385 1472 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 14:23:16.0385 1472 SessionEnv - ok 14:23:16.0432 1472 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 14:23:16.0432 1472 sffdisk - ok 14:23:16.0463 1472 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:23:16.0463 1472 sffp_mmc - ok 14:23:16.0479 1472 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 14:23:16.0479 1472 sffp_sd - ok 14:23:16.0479 1472 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:23:16.0479 1472 sfloppy - ok 14:23:16.0510 1472 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:23:16.0510 1472 SharedAccess - ok 14:23:16.0541 1472 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:23:16.0557 1472 ShellHWDetection - ok 14:23:16.0572 1472 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:23:16.0572 1472 sisagp - ok 14:23:16.0588 1472 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:23:16.0588 1472 SiSRaid2 - ok 14:23:16.0603 1472 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:23:16.0603 1472 SiSRaid4 - ok 14:23:16.0713 1472 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 14:23:16.0744 1472 slsvc - ok 14:23:16.0791 1472 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:23:16.0791 1472 SLUINotify - ok 14:23:16.0822 1472 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:23:16.0822 1472 Smb - ok 14:23:16.0900 1472 [ 
63B3B77BDB67EE674771C0E6FB96DA9E ] smserial C:\Windows\system32\DRIVERS\smserial.sys 14:23:16.0900 1472 smserial - ok 14:23:16.0931 1472 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:23:16.0931 1472 SNMPTRAP - ok 14:23:16.0962 1472 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 14:23:16.0962 1472 spldr - ok 14:23:16.0993 1472 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 14:23:17.0009 1472 Spooler - ok 14:23:17.0040 1472 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:23:17.0040 1472 srv - ok 14:23:17.0071 1472 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:23:17.0071 1472 srv2 - ok 14:23:17.0087 1472 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:23:17.0087 1472 srvnet - ok 14:23:17.0103 1472 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:23:17.0103 1472 SSDPSRV - ok 14:23:17.0149 1472 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:23:17.0149 1472 SstpSvc - ok 14:23:17.0181 1472 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 14:23:17.0181 1472 stisvc - ok 14:23:17.0212 1472 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:23:17.0212 1472 swenum - ok 14:23:17.0259 1472 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 14:23:17.0259 1472 swprv - ok 14:23:17.0321 1472 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 14:23:17.0321 1472 Symc8xx - ok 14:23:17.0337 1472 SymIM - ok 14:23:17.0337 1472 SymIMMP - ok 14:23:17.0352 1472 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 14:23:17.0352 1472 Sym_hi - ok 14:23:17.0368 1472 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 14:23:17.0368 1472 Sym_u3 - ok 
14:23:17.0415 1472 [ 3D6316279C3540AA268BF025F4621EF3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:23:17.0415 1472 SynTP - ok 14:23:17.0446 1472 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 14:23:17.0461 1472 SysMain - ok 14:23:17.0493 1472 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:23:17.0493 1472 TabletInputService - ok 14:23:17.0524 1472 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:23:17.0524 1472 TapiSrv - ok 14:23:17.0571 1472 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 14:23:17.0571 1472 TBS - ok 14:23:17.0633 1472 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:23:17.0649 1472 Tcpip - ok 14:23:17.0664 1472 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 14:23:17.0664 1472 Tcpip6 - ok 14:23:17.0695 1472 [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys 14:23:17.0695 1472 tcpipBM - ok 14:23:17.0727 1472 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:23:17.0727 1472 tcpipreg - ok 14:23:17.0758 1472 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:23:17.0758 1472 TDPIPE - ok 14:23:17.0805 1472 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:23:17.0805 1472 TDTCP - ok 14:23:17.0836 1472 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:23:17.0836 1472 tdx - ok 14:23:17.0867 1472 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:23:17.0867 1472 TermDD - ok 14:23:17.0914 1472 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 14:23:17.0914 1472 TermService - ok 14:23:17.0929 1472 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 14:23:17.0945 1472 Themes - ok 14:23:17.0961 1472 [ 
1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 14:23:17.0961 1472 THREADORDER - ok 14:23:18.0007 1472 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 14:23:18.0007 1472 TrkWks - ok 14:23:18.0070 1472 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:23:18.0070 1472 TrustedInstaller - ok 14:23:18.0101 1472 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:23:18.0101 1472 tssecsrv - ok 14:23:18.0132 1472 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 14:23:18.0132 1472 tunmp - ok 14:23:18.0148 1472 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:23:18.0148 1472 tunnel - ok 14:23:18.0179 1472 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:23:18.0179 1472 uagp35 - ok 14:23:18.0195 1472 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:23:18.0195 1472 udfs - ok 14:23:18.0241 1472 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:23:18.0257 1472 UI0Detect - ok 14:23:18.0273 1472 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:23:18.0273 1472 uliagpkx - ok 14:23:18.0304 1472 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 14:23:18.0304 1472 uliahci - ok 14:23:18.0335 1472 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 14:23:18.0335 1472 UlSata - ok 14:23:18.0351 1472 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 14:23:18.0366 1472 ulsata2 - ok 14:23:18.0397 1472 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:23:18.0397 1472 umbus - ok 14:23:18.0444 1472 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 14:23:18.0444 1472 upnphost - ok 
14:23:18.0491 1472 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:23:18.0491 1472 usbccgp - ok 14:23:18.0522 1472 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:23:18.0522 1472 usbcir - ok 14:23:18.0585 1472 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:23:18.0585 1472 usbehci - ok 14:23:18.0616 1472 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:23:18.0616 1472 usbhub - ok 14:23:18.0631 1472 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:23:18.0631 1472 usbohci - ok 14:23:18.0678 1472 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:23:18.0678 1472 usbprint - ok 14:23:18.0725 1472 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:23:18.0725 1472 usbscan - ok 14:23:18.0756 1472 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:23:18.0756 1472 USBSTOR - ok 14:23:18.0803 1472 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:23:18.0803 1472 usbuhci - ok 14:23:18.0834 1472 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:23:18.0834 1472 usbvideo - ok 14:23:18.0865 1472 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 14:23:18.0865 1472 UxSms - ok 14:23:18.0912 1472 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 14:23:18.0912 1472 vds - ok 14:23:18.0959 1472 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:23:18.0959 1472 vga - ok 14:23:18.0990 1472 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 14:23:18.0990 1472 VgaSave - ok 14:23:19.0021 1472 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:23:19.0021 1472 viaagp - ok 
14:23:19.0037 1472 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 14:23:19.0037 1472 ViaC7 - ok 14:23:19.0084 1472 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 14:23:19.0084 1472 viaide - ok 14:23:19.0115 1472 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:23:19.0115 1472 volmgr - ok 14:23:19.0146 1472 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:23:19.0146 1472 volmgrx - ok 14:23:19.0193 1472 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:23:19.0209 1472 volsnap - ok 14:23:19.0240 1472 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:23:19.0240 1472 vsmraid - ok 14:23:19.0287 1472 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 14:23:19.0302 1472 VSS - ok 14:23:19.0333 1472 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 14:23:19.0333 1472 W32Time - ok 14:23:19.0365 1472 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:23:19.0365 1472 WacomPen - ok 14:23:19.0396 1472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 14:23:19.0396 1472 Wanarp - ok 14:23:19.0411 1472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:23:19.0411 1472 Wanarpv6 - ok 14:23:19.0443 1472 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:23:19.0443 1472 wcncsvc - ok 14:23:19.0474 1472 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:23:19.0474 1472 WcsPlugInService - ok 14:23:19.0489 1472 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 14:23:19.0489 1472 Wd - ok 14:23:19.0536 1472 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:23:19.0536 1472 Wdf01000 - 
ok 14:23:19.0583 1472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:23:19.0583 1472 WdiServiceHost - ok 14:23:19.0583 1472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:23:19.0599 1472 WdiSystemHost - ok 14:23:19.0630 1472 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 14:23:19.0645 1472 WebClient - ok 14:23:19.0677 1472 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:23:19.0677 1472 Wecsvc - ok 14:23:19.0708 1472 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:23:19.0708 1472 wercplsupport - ok 14:23:19.0755 1472 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 14:23:19.0755 1472 WerSvc - ok 14:23:19.0801 1472 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 14:23:19.0817 1472 winachsf - ok 14:23:19.0817 1472 WinHttpAutoProxySvc - ok 14:23:19.0879 1472 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:23:19.0879 1472 Winmgmt - ok 14:23:19.0942 1472 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 14:23:19.0957 1472 WinRM - ok 14:23:20.0004 1472 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:23:20.0004 1472 Wlansvc - ok 14:23:20.0113 1472 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:23:20.0113 1472 wlidsvc - ok 14:23:20.0160 1472 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:23:20.0160 1472 WmiAcpi - ok 14:23:20.0207 1472 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:23:20.0207 1472 wmiApSrv - ok 14:23:20.0285 1472 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:23:20.0301 1472 WMPNetworkSvc - ok 14:23:20.0347 1472 [ 
CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:23:20.0347 1472 WPCSvc - ok 14:23:20.0363 1472 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:23:20.0363 1472 WPDBusEnum - ok 14:23:20.0410 1472 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 14:23:20.0410 1472 WpdUsb - ok 14:23:20.0503 1472 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:23:20.0503 1472 WPFFontCache_v0400 - ok 14:23:20.0535 1472 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:23:20.0535 1472 ws2ifsl - ok 14:23:20.0581 1472 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 14:23:20.0581 1472 wscsvc - ok 14:23:20.0581 1472 WSearch - ok 14:23:20.0659 1472 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:23:20.0675 1472 wuauserv - ok 14:23:20.0753 1472 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:23:20.0753 1472 WUDFRd - ok 14:23:20.0784 1472 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:23:20.0800 1472 wudfsvc - ok 14:23:20.0815 1472 [ 8903C6979EA677A9AF3D36E0D3709203 ] {22D78859-9CE9-4B77-BF18-AC83E81A9263} C:\Program Files\HP\QuickPlay\000.fcl 14:23:20.0815 1472 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok 14:23:20.0815 1472 ================ Scan global =============================== 14:23:20.0862 1472 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 14:23:20.0893 1472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:23:20.0909 1472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 14:23:20.0956 1472 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 14:23:20.0956 1472 [Global] - ok 14:23:20.0956 1472 ================ Scan MBR ================================== 
14:23:20.0971 1472 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0 14:23:21.0237 1472 \Device\Harddisk0\DR0 - ok 14:23:21.0237 1472 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 14:23:21.0252 1472 \Device\Harddisk1\DR1 - ok 14:23:21.0252 1472 ================ Scan VBR ================================== 14:23:21.0252 1472 [ BE23F2E2EC21D415BC891F7B9CC9E943 ] \Device\Harddisk0\DR0\Partition1 14:23:21.0252 1472 \Device\Harddisk0\DR0\Partition1 - ok 14:23:21.0252 1472 [ 4EC942026C93E04D32C5A6AF10B8BFAB ] \Device\Harddisk0\DR0\Partition2 14:23:21.0252 1472 \Device\Harddisk0\DR0\Partition2 - ok 14:23:21.0268 1472 [ F74C189D852247F8E5590213191FB476 ] \Device\Harddisk1\DR1\Partition1 14:23:21.0268 1472 \Device\Harddisk1\DR1\Partition1 - ok 14:23:21.0268 1472 ============================================================ 14:23:21.0268 1472 Scan finished 14:23:21.0268 1472 ============================================================ 14:23:21.0268 3796 Detected object count: 0 14:23:21.0268 3796 Actual detected object count: 0 |
24.10.2012, 14:46 | #14 |
/// Malwareteam | Can someone take a look: ad.adserver - log file from hjthis
Scan with AdwCleaner
Please download AdwCleaner to your desktop.
__________________
No right of asylum for trojans! Proud Member of UNITE
Note: I am only available on weekdays! Requests via PM will be ignored!
Are you happy with us? Then support the Trojaner-Board! |
24.10.2012, 14:56 | #15 |
| Can someone take a look: ad.adserver - log file from hjthis
Code:
ATTFilter
AdwCleaner v2.005 - Datei am 24/10/2012 um 15:54:56 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : User - THOMAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\322_adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

*************************

AdwCleaner[R5].txt - [827 octets] - [24/10/2012 15:54:56]

########## EOF - C:\AdwCleaner[R5].txt - [886 octets] ########## |