Trojaner-Board - Attention Required; Google, Youtube und viele andere Websiten sind gesperrt

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Attention Required; Google, Youtube und viele andere Websiten sind gesperrt (https://www.trojaner-board.de/132979-attention-required-google-youtube-viele-andere-websiten-gesperrt.html)

Attention Required; Google, Youtube und viele andere Websiten sind gesperrt

Wenn ich Google, Youtube oder was anderes besuchen will, kommt diese Meldung:
http://www.bilder-upload.eu/thumb/317596-1364643681.jpg
Wenn ich dann auf den Knopf (siehe Bild) drücke, kommen diese Surveys. Das einzige, was iich schnell sehen konnte, war dass auf dieser Leiste, wo steht warten auf www.google.de steht auch warten auf www.fileice.net stand. Könntet ihr mir bitte helfen?

Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Hat dein Virenscanner jemals angeschlagen? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Ich habe schon mal viel früher den Virenscanner angemacht und habe das hier gelöscht:

Code:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.03.05
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jonas :: JONAS-PC [Administrator]
 

03.06.2012 18:45:14

mbam-log-2012-06-03 (18-45-14).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 191807

Laufzeit: 1 Stunde(n), 28 Minute(n), 38 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Jonas\AppData\Local\Temp\cs8v0k.exe (Trojan.Winlock.AI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Ich weiß nicht, ob das weiterhilft, aber würde dringend Hilfe gebrauchen.

Dass hier jeder dringend Hilfe haben will ist mir klar. :pfeiff:
Ist das alles an Funden oder gibt es noch weitere?

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

OTL.txt:

Code:

OTL logfile created on: 08.04.2013 19:12:46 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16438)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,21 Mb Total Physical Memory | 449,75 Mb Available Physical Memory | 44,34% Memory free

1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 201,78 Gb Total Space | 129,47 Gb Free Space | 64,16% Space Free | Partition Type: NTFS

Drive D: | 30,00 Gb Total Space | 20,69 Gb Free Space | 68,95% Space Free | Partition Type: NTFS

 

Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Jonas\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\FileOpen\Services\FileOpenManagerService32.exe (FileOpen Systems Inc.)

PRC - C:\Programme\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Pegatron\Hotkey\PHControl.exe (Pegatron)

PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)

PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Notepad++\NppShell_04.dll ()

MOD - C:\Programme\Pegatron\Hotkey\WLANV.dll ()

MOD - C:\Programme\Pegatron\Hotkey\TPS.dll ()

MOD - C:\Programme\FSP\KbdHook.dll ()

MOD - C:\Programme\FSP\FspLib.dll ()

MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()

MOD - C:\Programme\Pegatron\Hotkey\TPF.dll ()

MOD - C:\Programme\Pegatron\Hotkey\HKBD.dll ()

MOD - C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll ()

MOD - C:\Programme\Pegatron\Hotkey\LCSwit.dll ()

MOD - C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()

MOD - C:\Programme\Pegatron\Hotkey\FspLib.dll ()

MOD - C:\Programme\PSPad editor\PSPadShell.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (WebOptimizer) -- C:\Windows\system32\dmwu.exe File not found

SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()

SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (FileOpenManagerService) -- C:\Programme\FileOpen\Services\FileOpenManagerService32.exe (FileOpen Systems Inc.)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()

SRV - (pc essentials) -- C:\Programme\pc essentials\updater.exe ()

SRV - (BsUpdate) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)

SRV - (BsMain) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)

SRV - (BsBrowser) -- C:\Programme\BullGuard Ltd\BullGuard\BsBrowser.dll (BullGuard Ltd.)

SRV - (BgRaSvc) -- C:\Programme\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)

SRV - (BsFire) -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)

SRV - (BsScanner) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)

SRV - (BsBhvScan) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)

SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)

SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (AdobeActiveFileMonitor) -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()

SRV - (PhotoshopElementsDeviceConnect) -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (afwcore) -- C:\Windows\System32\drivers\AfwCore.sys (Agnitum Ltd.)

DRV - (AFW) -- C:\Windows\System32\drivers\Afw.sys (Agnitum Ltd.)

DRV - (NovaShieldFilterDriver) -- C:\Windows\System32\drivers\NSKernel.sys (NovaShield, Inc.)

DRV - (NovaShieldTDIDriver) -- C:\Windows\System32\drivers\NSNetmon.sys (NovaShield, Inc.)

DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)

DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )

DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)

DRV - (ACPIService) -- C:\Windows\System32\drivers\ATKACPI.SYS ()

DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

IE - HKCU\..\SearchScopes\{5F3A1B1D-B5C5-4577-9736-AD27A377C04E}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_deDE475

IE - HKCU\..\SearchScopes\{7A98FD23-0238-482A-8127-644B44A7B465}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{ACBB78F7-FB64-4836-9A68-C5EED485C4FA}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{CF405816-FE96-4902-B4B3-0FAE591E3034}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vftSog1&i=26

IE - HKCU\..\SearchScopes\{E285E30D-1BA8-44F3-8BBC-FF78B6B07AA3}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "Claro Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e"

FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1

FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.5

FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.7

FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35

FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0

FF - prefs.js..extensions.enabledAddons: crossriderapp21058@crossrider.com:0.87.11

FF - prefs.js..extensions.enabledAddons: pricepeep@getpricepeep.com:2.1.0.22

FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vftSog1&&i=26&search="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Users\Jonas\AppData\Local\mpDRM\Binaries\NPMPDRM.dll ( )

FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Jonas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2012.03.17 14:05:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.03 13:34:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pagealicious@pagealicious.com: C:\Program Files\Pagealicious\Pagealicious.xpi [2013.02.18 17:36:14 | 000,036,694 | ---- | M] ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 14:43:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.18 17:33:51 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012.03.01 18:20:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012.03.17 14:05:22 | 000,000,000 | ---D | M]

 

[2011.07.22 19:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions

[2013.02.18 17:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions

[2012.10.18 10:19:43 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

[2012.11.04 11:34:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.09.01 11:54:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2013.02.18 17:34:34 | 000,000,000 | ---D | M] ("Savings Explorer") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\crossriderapp21058@crossrider.com

[2012.02.03 18:26:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\ffxtlbr@babylon.com

[2013.02.18 17:33:31 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\ffxtlbr@claro.com

[2013.02.18 17:35:30 | 000,000,000 | ---D | M] (Pagealicious) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\Pagealicious

[2013.02.18 17:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\crossriderapp21058@crossrider.com\chrome\content\extensionCode

[2013.02.04 22:35:36 | 000,053,941 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\pricepeep@getpricepeep.com.xpi

[2012.08.30 14:43:39 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\toolbar@web.de.xpi

[2012.08.28 14:36:14 | 000,318,530 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi

[2012.08.30 14:45:36 | 000,000,853 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\11-suche.xml

[2013.02.18 17:33:36 | 000,001,300 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\claro.xml

[2012.08.30 14:45:36 | 000,002,209 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\englische-ergebnisse.xml

[2012.08.30 14:45:36 | 000,010,506 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\gmx-suche.xml

[2012.08.30 14:45:36 | 000,002,368 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\lastminute.xml

[2012.06.07 08:09:26 | 000,002,203 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\MyStart Search.xml

[2012.08.30 14:45:35 | 000,005,489 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\webde-suche.xml

[2012.10.25 15:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.10.25 15:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012.10.25 15:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.02.18 17:33:16 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Claro Search (Enabled)

CHR - default_search_provider: search_url = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: GeoGebra = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\

CHR - Extension: CT Sobrio = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cogcpnmcioajbgpnmaeibpnjbepkbhec\1_0\

CHR - Extension: Angry Birds Space Unlocked = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdcmhjnadmfnaiaaeloheclgidakomnn\2.3.1_0\

CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

 

O1 HOSTS File: ([2013.02.20 17:08:58 | 000,010,201 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 198.167.139.182 google.com

O1 - Hosts: 198.167.139.182 www.google.ae

O1 - Hosts: 198.167.139.182 www.google.com.af

O1 - Hosts: 198.167.139.182 www.google.com.ag

O1 - Hosts: 198.167.139.182 www.google.off.ai

O1 - Hosts: 198.167.139.182 www.google.am

O1 - Hosts: 198.167.139.182 www.google.com.ar

O1 - Hosts: 198.167.139.182 www.google.as

O1 - Hosts: 198.167.139.182 www.google.at

O1 - Hosts: 198.167.139.182 www.google.com.au

O1 - Hosts: 198.167.139.182 www.google.az

O1 - Hosts: 198.167.139.182 www.google.ba

O1 - Hosts: 198.167.139.182 www.google.com.bd

O1 - Hosts: 198.167.139.182 www.google.be

O1 - Hosts: 198.167.139.182 www.google.bg

O1 - Hosts: 198.167.139.182 www.google.com.bh

O1 - Hosts: 198.167.139.182 www.google.bi

O1 - Hosts: 198.167.139.182 www.google.com.bo

O1 - Hosts: 198.167.139.182 www.google.com.br

O1 - Hosts: 198.167.139.182 www.google.bs

O1 - Hosts: 198.167.139.182 www.google.co.bw

O1 - Hosts: 198.167.139.182 www.google.com.bz

O1 - Hosts: 198.167.139.182 www.google.ca

O1 - Hosts: 198.167.139.182 www.google.cd

O1 - Hosts: 198.167.139.182 www.google.cg

O1 - Hosts: 313 more lines...

O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Pagealicious) - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Programme\Pagealicious\Pagealicious.dll (TODO: <Company name>)

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)

O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Programme\PricePeep\pricepeep.dll (PricePeep)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)

O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: [FileOpenBroker] C:\Programme\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)

O4 - HKLM..\Run: [fspuip] c:\Program Files\FSP\fspuip.exe (Sentelic Corporation)

O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()

O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkg_0ll.exe.lnk =  File not found

O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)

O13 - gopher Prefix: missing

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24BC267C-80AB-44F3-96CC-B5B660E05A41}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D372648-D01A-4949-8ABB-5FF287D19DB7}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()

O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.23 08:09:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Programs

[2013.03.20 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\magical8bitPlug_for_win

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.08 19:44:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000UA.job

[2013.04.08 19:39:49 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2013.04.08 19:24:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000Core.job

[2013.04.07 09:04:22 | 000,002,330 | ---- | M] () -- C:\Users\Jonas\Desktop\Google Chrome.lnk

[2013.03.31 21:06:06 | 000,010,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.31 21:06:06 | 000,010,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.30 14:14:05 | 000,001,015 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.30 14:13:25 | 000,000,983 | ---- | M] () -- C:\Users\Jonas\Desktop\Dropbox.lnk

[2013.03.30 14:10:05 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI

[2013.03.30 14:09:17 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.30 13:39:55 | 000,274,431 | ---- | M] () -- C:\Users\Jonas\Desktop\Virus.jpg

[2013.03.23 08:09:52 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.03.30 13:39:55 | 000,274,431 | ---- | C] () -- C:\Users\Jonas\Desktop\Virus.jpg

[2013.03.23 08:09:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.05 19:19:52 | 000,001,451 | ---- | C] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel

[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll

[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll

[2012.06.07 08:14:54 | 000,001,206 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.Producer.ini

[2012.06.07 08:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.Producer.Data.ini

[2012.06.07 08:14:00 | 000,004,416 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.cfg

[2012.06.07 08:14:00 | 000,000,408 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamShapes.ini

[2012.06.07 08:14:00 | 000,000,408 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamLayout.ini

[2012.06.07 08:14:00 | 000,000,096 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Camdata.ini

[2011.09.11 18:40:05 | 000,000,180 | ---- | C] () -- C:\Windows\_delis43.ini

[2011.09.11 18:01:53 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe

[2011.07.25 14:19:31 | 000,000,680 | RHS- | C] () -- C:\Users\Jonas\ntuser.pol

[2011.07.11 19:12:31 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe

[2011.07.09 14:12:58 | 000,000,075 | ---- | C] () -- C:\Windows\TassWin.INI

[2011.07.09 13:55:21 | 000,149,504 | R--- | C] () -- C:\Windows\System32\CETNUASM.DLL

[2011.01.18 17:54:52 | 000,005,120 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.26 18:53:26 | 000,001,092 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\wklnhst.dat

[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:7D6EC5BE

@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:B1FBBD09
 

< End of report >

Extras.txt:

Code:

OTL Extras logfile created on: 08.04.2013 19:12:46 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16438)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,21 Mb Total Physical Memory | 449,75 Mb Available Physical Memory | 44,34% Memory free

1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 201,78 Gb Total Space | 129,47 Gb Free Space | 64,16% Space Free | Partition Type: NTFS

Drive D: | 30,00 Gb Total Space | 20,69 Gb Free Space | 68,95% Space Free | Partition Type: NTFS

 

Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F4FF172-B855-4E96-9CD9-1F0D3AD19E4B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 

"{C465D422-A97A-441B-A4FB-75CD505ADA5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{D29967A3-00B0-492A-B942-4419287820B9}" = lport=2869 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{000E0A1A-B8B5-44B3-8370-6DA8563226B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2AF8EA48-7105-4B5E-BAF7-00546BBBE436}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{325909D8-5C33-4F7D-8D01-569DB4A6F565}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 

"{34247A01-3C06-4CEF-B8F4-DBC0539CB96F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{35F2F544-C2ED-436A-BA20-56C6C566DB30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{3C98DE40-5D53-4DC7-940D-421DDA0A99CA}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{3DE11477-FD36-4F37-A419-7FD353EE6CDC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 

"{51394D7C-1251-46E6-A195-F492F54BAD6E}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{647EE00C-681D-43AD-BA48-BC63DFCBCD23}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{68560169-E59F-4608-9901-837017DD3C34}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{790A5BE2-9B43-4AE7-988B-0AD0A7B7FB6E}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"{7B255AA4-32E5-4B3C-B55F-7C2256994904}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{7D472E7F-807B-4629-AEA2-99FF174F72AD}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 

"{82ED29F6-1415-4A41-8278-6CA2ED3B63CB}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"{836B6F3B-7D2B-45BF-9855-4A9169A6A39F}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"{90DCCFFF-1D8A-4C43-B7D7-84FEDEEBFB61}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{A6CC47F8-90B9-4E00-8898-AC87850956FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{B9562208-6BE0-435D-A775-7A0D65295D80}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"{C20150C8-2923-4D8E-9F39-0783E23416BC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 

"{C2E587F4-1302-402C-83E0-A7AD6B48B54E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{D9EBD722-95DD-4A9C-A9AB-3FD5C2A6B9CF}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 

"{F7BA547E-191A-44BF-A11B-46481F0631BB}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 

"{FD2A3CCE-7718-45F3-8E68-1CD978D33D62}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{043CAA8A-9943-4E6A-BB1B-86FD229FB4CC}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 

"TCP Query User{3B935FFA-E24C-41AB-8966-0837186FD051}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

"TCP Query User{434A8A98-C86A-4763-9B3B-E4116DF0E1F8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{4A094AA9-F125-4EF8-A1B7-9BEFE46FA554}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{8715BB9D-133E-4476-A255-57FCCBC087F1}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | 

"TCP Query User{9701844B-8AA0-44B7-AC5F-5E02113B1642}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 

"TCP Query User{A8E13F43-1D69-4FA8-9169-7786D2F511D8}C:\udk\udk-2009-11-2\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2009-11-2\binaries\win32\udk.exe | 

"TCP Query User{AE671140-BD8B-4998-8E6A-6B38A4472BB7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 

"TCP Query User{D82F4D2B-34E4-4EF8-967B-AD5CDB635C1E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"TCP Query User{DDB883BC-FB40-436F-91DE-29F20A7A0047}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{1B35C50C-DDDD-47C4-B81D-FA79DA08BCFB}C:\udk\udk-2009-11-2\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2009-11-2\binaries\win32\udk.exe | 

"UDP Query User{55CAFEEF-B74C-491C-8AF9-863B8B469CE1}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 

"UDP Query User{874DDC5E-7656-4789-A4C6-42374E05F4B0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 

"UDP Query User{8C55A407-0EFA-4313-96E8-15666C2FF9B0}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 

"UDP Query User{A63772CD-CB37-4D86-BF77-B446D2942DE7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{CFEC05A1-0826-4750-BC9B-BBB1101499F3}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | 

"UDP Query User{DBF7A7E0-025F-48D9-9BF2-0C710A90C78B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 

"UDP Query User{E5A8469D-46C9-44C1-8847-F79AEFC02815}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 

"UDP Query User{EC38BEA6-A6B0-41A1-B582-5429F5588A3A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{EFD9EDC8-3321-409A-B80B-607058340908}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4

"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar

"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu

"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud

"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent

"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content

"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client

"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{21B64483-4848-11DB-AB11-000374890932}" = Homepage Maker 5

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!

"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11

"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{31D47283-7B4C-46C1-BC62-99CFD66CDD66}" = MAGIX Speed burnR (MSI)

"{32A3A4F4-B792-11D6-A78A-00B0D0160350}" = Java(TM) SE Development Kit 6 Update 35

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN

"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition

"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT

"{3791BEF3-C86F-448F-B48A-A83F1B2B1886}" = MAGIX Screenshare

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL

"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II

"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types

"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey

"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7223945A-F037-4AE1-92F9-BA8304F0E21A}" = TubeBox!

"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema

"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR

"{AC184566-C420-4995-934B-97BE1A7DEC06}" = FileOpen Client

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw

"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR

"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86

"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU

"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation

"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview

"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F369DA4F-7993-4E8D-ADBD-60D82FCF93EC}" = MAGIX Music Maker 17

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files

"{FFBE334E-06EF-44B5-8CF7-129F7F9526A2}" = Mindjet MindManager Lite 7

"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung

"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer

"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)

"97CEB8209F0BC014131F0864966F5B9C9345570E" = Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALDI Foto Service D" = ALDI Foto Service

"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free

"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice

"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service

"Alfons Lernwelt" = Alfons Lernwelt

"BabylonToolbar" = Babylon toolbar on IE

"Bandicam" = Bandicam

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

"Blender" = Blender

"Borland JBuilder 2.0" = Borland JBuilder 2.0

"BullGuard" = BullGuard

"capella_1200 5.2" = capella 1200 Version 5.2

"capella2002-v4.0" = capella 1200, Version 4.0

"CCleaner" = CCleaner

"claro" = Claro toolbar  

"FileZilla Client" = FileZilla Client 3.2.7.1

"Fraps" = Fraps (remove only)

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031

"Gamestudio A8" = Gamestudio A8

"Genesis3D11Key" = Genesis3D11

"GIMP-2_is1" = GIMP 2.8.0

"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"incredibar" = Incredibar Toolbar  on IE and Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II

"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga

"InterActual Player" = InterActual Player

"LeechFTP" = LeechFTP AL PLAYE

"LogMeIn Hamachi" = LogMeIn Hamachi

"logoscreensaver" = logoscreensaver Screen Saver

"MAGIX_MSI_mm17" = MAGIX Music Maker 17

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU

"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU

"Minecraft Texturepack Editor" = Minecraft Texturepack Editor

"MinecraftAlpha" = MinecraftAlpha

"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NetObjects Fusion 3.0.1" = NetObjects Fusion 3.0.1

"New LEGO Digital Designer" = LEGO Digital Designer

"NoIPDUC" = No-IP DUC

"Notepad++" = Notepad++

"Pagealicious" = Pagealicious

"PDF-XChange 3_is1" = PDF-XChange 3

"PhotoScape" = PhotoScape

"PriceGong" = PriceGong 2.6.7

"PricePeep" = PricePeep

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"PSPad editor_is1" = PSPad editor

"Savings Explorer" = Savings Explorer

"UDK-f9f58a61-e443-4469-a6b7-8cf436caa0e6" = Unreal Development Kit: 2009-11-2

"VLC media player" = VLC media player 2.0.2

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.11 (32-Bit)

"Wissen macht Ah! - Bildschirmschoner" = Wissen macht Ah! - Bildschirmschoner Bildschirmschoner

"Your Product1.0" = Your Product

"ZetaProducer10" = Zeta Producer 10 10.7.0 (nur entfernen)

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4227

 

Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4227

 

Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5241

 

Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5241

 

Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6240

 

Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6240

 

Error - 22.09.2012 09:42:02 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

[ System Events ]

Error - 30.03.2013 07:13:51 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

Error - 30.03.2013 08:09:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "WebOptimizer" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 30.03.2013 08:09:47 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   cdrom

 

Error - 30.03.2013 13:05:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst wlidsvc erreicht.

 

Error - 31.03.2013 04:16:03 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 31.03.2013 09:02:49 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst PlugPlay erreicht.

 

Error - 07.04.2013 10:06:45 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst PlugPlay erreicht.

 

Error - 08.04.2013 08:15:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst WinDefend erreicht.

 

Error - 08.04.2013 08:56:32 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Netman erreicht.

 

Error - 08.04.2013 13:11:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

 

< End of report >

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

mbar:

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1022

www.malwarebytes.org
 

Database version: v2013.04.09.08
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16438

Jonas :: JONAS-PC [administrator]
 

09.04.2013 19:34:42

mbar-log-2013-04-09 (19-34-42).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 31177

Time elapsed: 22 minute(s), 27 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 1

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Delete on reboot.
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

GMER:

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-04-09 19:02:17

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-00A23T0 rev.01.01A01 232,89GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\fwdoypow.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                       81C7CA49 1 Byte  [06]

.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         81CB64D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

?      System32\drivers\oukmlnes.sys                                                                                                  Das System kann den angegebenen Pfad nicht finden. !

.vmp2  C:\Windows\system32\drivers\acedrv11.sys                                                                                       entry point in ".vmp2" section [0xA88D069D]
 

---- User code sections - GMER 2.1 ----
 

.text  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[332] USER32.dll!DialogBoxParamW               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

.text  C:\Windows\system32\wininit.exe[500] USER32.dll!DialogBoxParamW                                                                773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

.text  C:\Windows\system32\taskhost.exe[548] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

.text  C:\Windows\system32\services.exe[556] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

.text  C:\Windows\system32\winlogon.exe[592] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

.text  ...                                                                                                                            
 

---- Registry - GMER 2.1 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a147f0                                                    

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a147fa                                                    

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6006445                                                    

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd612c05d                                                    

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd612c05d@001060d10359                                       0x38 0x50 0x3E 0xB9 ...

Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@LeaseObtainedTime    1365523262

Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@T1                   1365523389

Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@T2                   1365523485

Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@LeaseTerminatesTime  1365523517

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a147f0 (not active ControlSet)                                

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a147fa (not active ControlSet)                                

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6006445 (not active ControlSet)                                

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd612c05d (not active ControlSet)                                

Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd612c05d@001060d10359                                           0x38 0x50 0x3E 0xB9 ...
 

---- Disk sectors - GMER 2.1 ----
 

Disk   \Device\Harddisk0\DR0                                                                                                          unknown MBR code
 

---- EOF - GMER 2.1 ----

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

aswmbr:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software

Run date: 2013-04-10 13:45:42

-----------------------------

13:45:42.551    OS Version: Windows 6.1.7601 Service Pack 1

13:45:42.552    Number of processors: 2 586 0x1C0A

13:45:42.554    ComputerName: JONAS-PC  UserName: Jonas

13:45:43.812    Initialize success

13:48:43.885    AVAST engine defs: 13040901

13:49:07.320    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:49:07.326    Disk 0 Vendor: WDC_WD2500BEVT-00A23T0 01.01A01 Size: 238475MB BusType: 3

13:49:07.654    Disk 0 MBR read successfully

13:49:07.661    Disk 0 MBR scan

13:49:07.772    Disk 0 unknown MBR code

13:49:07.801    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

13:49:07.835    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       206627 MB offset 206848

13:49:07.879    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 423378944

13:49:07.968    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 486293504

13:49:07.989    Disk 0 scanning sectors +488394752

13:49:08.330    Disk 0 scanning C:\Windows\system32\drivers

13:49:47.734    Service scanning

13:50:50.368    Modules scanning

13:51:35.498    Disk 0 trace - called modules:

13:51:35.514    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 

13:51:35.515    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84529030]

13:51:35.515    3 CLASSPNP.SYS[867cc59e] -> nt!IofCallDriver -> [0x84063898]

13:51:35.515    5 ACPI.sys[864d73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84455030]

13:51:36.440    AVAST engine scan C:\Windows

13:51:45.152    AVAST engine scan C:\Windows\system32

13:59:13.098    AVAST engine scan C:\Windows\system32\drivers

13:59:35.776    AVAST engine scan C:\Users\Jonas

14:17:09.305    File: C:\Users\Jonas\Downloads\MC\MPAC.exe  **INFECTED** Win32:Dropper-gen [Drp]

14:17:09.648    File: C:\Users\Jonas\Downloads\MCP\MPAC.exe  **INFECTED** Win32:Dropper-gen [Drp]

14:19:24.759    AVAST engine scan C:\ProgramData

14:21:36.335    Scan finished successfully

14:31:42.234    Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"

14:31:42.276    The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"

TDSSKiller:

Code:

14:37:42.0670 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

14:37:43.0745 4192  ============================================================

14:37:43.0746 4192  Current date / time: 2013/04/10 14:37:43.0745

14:37:43.0746 4192  SystemInfo:

14:37:43.0746 4192  

14:37:43.0746 4192  OS Version: 6.1.7601 ServicePack: 1.0

14:37:43.0746 4192  Product type: Workstation

14:37:43.0747 4192  ComputerName: JONAS-PC

14:37:43.0747 4192  UserName: Jonas

14:37:43.0747 4192  Windows directory: C:\Windows

14:37:43.0747 4192  System windows directory: C:\Windows

14:37:43.0747 4192  Processor architecture: Intel x86

14:37:43.0747 4192  Number of processors: 2

14:37:43.0747 4192  Page size: 0x1000

14:37:43.0747 4192  Boot type: Normal boot

14:37:43.0747 4192  ============================================================

14:37:46.0101 4192  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:37:46.0114 4192  ============================================================

14:37:46.0114 4192  \Device\Harddisk0\DR0:

14:37:46.0114 4192  MBR partitions:

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000

14:37:46.0114 4192  ============================================================

14:37:46.0151 4192  C: <-> \Device\Harddisk0\DR0\Partition2

14:37:46.0214 4192  D: <-> \Device\Harddisk0\DR0\Partition3

14:37:46.0275 4192  ============================================================

14:37:46.0276 4192  Initialize success

14:37:46.0276 4192  ============================================================

14:38:56.0482 4052  Deinitialize success

Zitat:

C:\Users\Jonas\Downloads\MC\MPAC.exe

Was soll das sein, wo hast du das her?

Und das Log vom tdsskiller ist unvollständig

Mein Freund hat mir das per Email geschickt und sagte, dass das ein Texturpack-Editor für Minecraft wäre. Er hat mir aber eine Infizierte Datei geschickt und so hab ich es bekommen. Und die Logdatei:

Code:

14:37:42.0670 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

14:37:43.0745 4192  ============================================================

14:37:43.0746 4192  Current date / time: 2013/04/10 14:37:43.0745

14:37:43.0746 4192  SystemInfo:

14:37:43.0746 4192  

14:37:43.0746 4192  OS Version: 6.1.7601 ServicePack: 1.0

14:37:43.0746 4192  Product type: Workstation

14:37:43.0747 4192  ComputerName: JONAS-PC

14:37:43.0747 4192  UserName: Jonas

14:37:43.0747 4192  Windows directory: C:\Windows

14:37:43.0747 4192  System windows directory: C:\Windows

14:37:43.0747 4192  Processor architecture: Intel x86

14:37:43.0747 4192  Number of processors: 2

14:37:43.0747 4192  Page size: 0x1000

14:37:43.0747 4192  Boot type: Normal boot

14:37:43.0747 4192  ============================================================

14:37:46.0101 4192  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:37:46.0114 4192  ============================================================

14:37:46.0114 4192  \Device\Harddisk0\DR0:

14:37:46.0114 4192  MBR partitions:

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800

14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000

14:37:46.0114 4192  ============================================================

14:37:46.0151 4192  C: <-> \Device\Harddisk0\DR0\Partition2

14:37:46.0214 4192  D: <-> \Device\Harddisk0\DR0\Partition3

14:37:46.0275 4192  ============================================================

14:37:46.0276 4192  Initialize success

14:37:46.0276 4192  ============================================================

14:38:56.0482 4052  Deinitialize success

tdsskiller Log ist immer noch unvollständig. Da fehlt eine ganze Ecke an Infos, hast wohl falsch ausgeführt

Code:

14:40:39.0725 3728  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

14:40:40.0051 3728  ============================================================

14:40:40.0051 3728  Current date / time: 2013/04/10 14:40:40.0051

14:40:40.0051 3728  SystemInfo:

14:40:40.0051 3728  

14:40:40.0051 3728  OS Version: 6.1.7601 ServicePack: 1.0

14:40:40.0051 3728  Product type: Workstation

14:40:40.0052 3728  ComputerName: JONAS-PC

14:40:40.0052 3728  UserName: Jonas

14:40:40.0052 3728  Windows directory: C:\Windows

14:40:40.0052 3728  System windows directory: C:\Windows

14:40:40.0052 3728  Processor architecture: Intel x86

14:40:40.0052 3728  Number of processors: 2

14:40:40.0052 3728  Page size: 0x1000

14:40:40.0052 3728  Boot type: Normal boot

14:40:40.0052 3728  ============================================================

14:40:41.0490 3728  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:40:41.0496 3728  ============================================================

14:40:41.0496 3728  \Device\Harddisk0\DR0:

14:40:41.0496 3728  MBR partitions:

14:40:41.0496 3728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:40:41.0496 3728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800

14:40:41.0497 3728  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000

14:40:41.0497 3728  ============================================================

14:40:41.0518 3728  C: <-> \Device\Harddisk0\DR0\Partition2

14:40:41.0570 3728  D: <-> \Device\Harddisk0\DR0\Partition3

14:40:41.0570 3728  ============================================================

14:40:41.0570 3728  Initialize success

14:40:41.0570 3728  ============================================================

14:40:43.0523 1912  ============================================================

14:40:43.0524 1912  Scan started

14:40:43.0524 1912  Mode: Manual; 

14:40:43.0524 1912  ============================================================

14:40:46.0233 1912  ================ Scan system memory ========================

14:40:46.0233 1912  System memory - ok

14:40:46.0235 1912  ================ Scan services =============================

14:40:46.0470 1912  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

14:40:46.0475 1912  1394ohci - ok

14:40:46.0553 1912  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys

14:40:46.0559 1912  acedrv11 - ok

14:40:46.0637 1912  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

14:40:46.0645 1912  ACPI - ok

14:40:46.0706 1912  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

14:40:46.0709 1912  AcpiPmi - ok

14:40:46.0770 1912  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\DRIVERS\ATKACPI.SYS

14:40:46.0773 1912  ACPIService - ok

14:40:46.0927 1912  [ 0F6D872FD048D437DCBF5C1A80194886 ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

14:40:46.0931 1912  AdobeActiveFileMonitor - ok

14:40:46.0994 1912  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

14:40:47.0003 1912  adp94xx - ok

14:40:47.0090 1912  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

14:40:47.0099 1912  adpahci - ok

14:40:47.0152 1912  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

14:40:47.0158 1912  adpu320 - ok

14:40:47.0214 1912  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

14:40:47.0217 1912  AeLookupSvc - ok

14:40:47.0284 1912  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

14:40:47.0292 1912  AFD - ok

14:40:47.0341 1912  [ 5C4125D2AF6DDBB6422CE5F6E9BE7098 ] AFW             C:\Windows\system32\DRIVERS\afw.sys

14:40:47.0344 1912  AFW - ok

14:40:47.0383 1912  [ C223C5327FF06330B0251F1830FEE1AF ] afwcore         C:\Windows\system32\DRIVERS\afwcore.sys

14:40:47.0391 1912  afwcore - ok

14:40:47.0436 1912  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

14:40:47.0440 1912  agp440 - ok

14:40:47.0487 1912  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

14:40:47.0491 1912  aic78xx - ok

14:40:47.0540 1912  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

14:40:47.0544 1912  ALG - ok

14:40:47.0579 1912  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

14:40:47.0582 1912  aliide - ok

14:40:47.0624 1912  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

14:40:47.0628 1912  amdagp - ok

14:40:47.0658 1912  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

14:40:47.0661 1912  amdide - ok

14:40:47.0718 1912  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

14:40:47.0722 1912  AmdK8 - ok

14:40:47.0744 1912  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

14:40:47.0747 1912  AmdPPM - ok

14:40:47.0808 1912  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

14:40:47.0812 1912  amdsata - ok

14:40:47.0861 1912  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

14:40:47.0867 1912  amdsbs - ok

14:40:47.0897 1912  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

14:40:47.0901 1912  amdxata - ok

14:40:47.0956 1912  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

14:40:47.0960 1912  AppID - ok

14:40:48.0024 1912  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

14:40:48.0027 1912  AppIDSvc - ok

14:40:48.0071 1912  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

14:40:48.0074 1912  Appinfo - ok

14:40:48.0190 1912  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:40:48.0198 1912  Apple Mobile Device - ok

14:40:48.0250 1912  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys

14:40:48.0254 1912  arc - ok

14:40:48.0277 1912  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

14:40:48.0281 1912  arcsas - ok

14:40:48.0461 1912  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

14:40:48.0501 1912  aspnet_state - ok

14:40:48.0561 1912  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

14:40:48.0564 1912  AsyncMac - ok

14:40:48.0605 1912  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

14:40:48.0606 1912  atapi - ok

14:40:48.0672 1912  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:40:48.0683 1912  AudioEndpointBuilder - ok

14:40:48.0717 1912  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

14:40:48.0724 1912  Audiosrv - ok

14:40:48.0762 1912  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

14:40:48.0766 1912  AxInstSV - ok

14:40:48.0818 1912  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

14:40:48.0828 1912  b06bdrv - ok

14:40:48.0892 1912  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

14:40:48.0899 1912  b57nd60x - ok

14:40:48.0963 1912  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

14:40:48.0977 1912  BDESVC - ok

14:40:49.0021 1912  [ FE7D7035833981F5B4EE746805E9C30E ] BdSpy           C:\Windows\system32\DRIVERS\BdSpy.sys

14:40:49.0024 1912  BdSpy - ok

14:40:49.0043 1912  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

14:40:49.0045 1912  Beep - ok

14:40:49.0111 1912  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll

14:40:49.0123 1912  BFE - ok

14:40:49.0239 1912  [ C4F6B64F61934523E2DAD838D4B23B12 ] BgRaSvc         C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

14:40:49.0253 1912  BgRaSvc - ok

14:40:49.0333 1912  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

14:40:49.0400 1912  BITS - ok

14:40:49.0466 1912  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

14:40:49.0468 1912  blbdrive - ok

14:40:49.0566 1912  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

14:40:49.0575 1912  Bonjour Service - ok

14:40:49.0673 1912  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

14:40:49.0677 1912  bowser - ok

14:40:49.0716 1912  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:40:49.0720 1912  BrFiltLo - ok

14:40:49.0755 1912  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:40:49.0757 1912  BrFiltUp - ok

14:40:49.0824 1912  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

14:40:49.0828 1912  Browser - ok

14:40:50.0035 1912  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

14:40:50.0105 1912  BrowserProtect - ok

14:40:50.0152 1912  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

14:40:50.0160 1912  Brserid - ok

14:40:50.0220 1912  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

14:40:50.0223 1912  BrSerWdm - ok

14:40:50.0278 1912  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

14:40:50.0281 1912  BrUsbMdm - ok

14:40:50.0348 1912  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

14:40:50.0351 1912  BrUsbSer - ok

14:40:50.0430 1912  [ CD40B39A3DAC59BD00BA0C76941133D2 ] BsBhvScan       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

14:40:50.0439 1912  BsBhvScan - ok

14:40:50.0494 1912  [ 5F15F8A2FE5D087F6EBDC3961A8B198E ] BsBrowser       C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll

14:40:50.0497 1912  BsBrowser - ok

14:40:50.0578 1912  [ 514E96F4037B98067863A65E89349D80 ] BsFileScan      C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll

14:40:50.0586 1912  BsFileScan - ok

14:40:50.0664 1912  [ 9C6066552E2BF2360667E15730DC0995 ] BsFire          C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll

14:40:50.0675 1912  BsFire - ok

14:40:50.0733 1912  [ 162266BFCEADACEBBB628DFD0C1AB152 ] BsMailProxy     C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll

14:40:50.0738 1912  BsMailProxy - ok

14:40:50.0799 1912  [ 60D6ECED581EFC2D237721F72BC6FBAC ] BsMain          C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll

14:40:50.0804 1912  BsMain - ok

14:40:50.0840 1912  [ 173EE0192B8A172D1E7AEA6F36E1058E ] BsScanner       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

14:40:50.0848 1912  BsScanner - ok

14:40:50.0899 1912  [ 7951E867B9C89A2F4156F3AB8FD28E82 ] BsUpdate        C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

14:40:50.0908 1912  BsUpdate - ok

14:40:50.0974 1912  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

14:40:50.0977 1912  BthEnum - ok

14:40:50.0999 1912  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

14:40:51.0002 1912  BTHMODEM - ok

14:40:51.0041 1912  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

14:40:51.0045 1912  BthPan - ok

14:40:51.0100 1912  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys

14:40:51.0110 1912  BTHPORT - ok

14:40:51.0160 1912  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

14:40:51.0163 1912  bthserv - ok

14:40:51.0232 1912  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys

14:40:51.0235 1912  BTHUSB - ok

14:40:51.0271 1912  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys

14:40:51.0274 1912  btusbflt - ok

14:40:51.0305 1912  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys

14:40:51.0309 1912  btwaudio - ok

14:40:51.0347 1912  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys

14:40:51.0352 1912  btwavdt - ok

14:40:51.0419 1912  [ 0E3EE2BC0EC56BFE869FCDE3E5806684 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

14:40:51.0438 1912  btwdins - ok

14:40:51.0478 1912  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys

14:40:51.0481 1912  btwl2cap - ok

14:40:51.0522 1912  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys

14:40:51.0524 1912  btwrchid - ok

14:40:51.0573 1912  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

14:40:51.0577 1912  cdfs - ok

14:40:51.0640 1912  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys

14:40:51.0644 1912  cdrom - ok

14:40:51.0695 1912  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

14:40:51.0699 1912  CertPropSvc - ok

14:40:51.0748 1912  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

14:40:51.0750 1912  circlass - ok

14:40:51.0804 1912  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

14:40:51.0812 1912  CLFS - ok

14:40:51.0866 1912  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:40:51.0877 1912  clr_optimization_v2.0.50727_32 - ok

14:40:51.0948 1912  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:40:52.0004 1912  clr_optimization_v4.0.30319_32 - ok

14:40:52.0056 1912  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

14:40:52.0058 1912  CmBatt - ok

14:40:52.0087 1912  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

14:40:52.0090 1912  cmdide - ok

14:40:52.0145 1912  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

14:40:52.0155 1912  CNG - ok

14:40:52.0202 1912  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

14:40:52.0205 1912  Compbatt - ok

14:40:52.0263 1912  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

14:40:52.0266 1912  CompositeBus - ok

14:40:52.0288 1912  COMSysApp - ok

14:40:52.0342 1912  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

14:40:52.0345 1912  crcdisk - ok

14:40:52.0407 1912  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll

14:40:52.0413 1912  CryptSvc - ok

14:40:52.0473 1912  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

14:40:52.0497 1912  DcomLaunch - ok

14:40:52.0539 1912  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

14:40:52.0547 1912  defragsvc - ok

14:40:52.0603 1912  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

14:40:52.0607 1912  DfsC - ok

14:40:52.0633 1912  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

14:40:52.0642 1912  Dhcp - ok

14:40:52.0683 1912  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

14:40:52.0685 1912  discache - ok

14:40:52.0737 1912  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys

14:40:52.0740 1912  Disk - ok

14:40:52.0802 1912  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

14:40:52.0808 1912  Dnscache - ok

14:40:52.0870 1912  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

14:40:52.0880 1912  dot3svc - ok

14:40:52.0943 1912  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

14:40:52.0950 1912  DPS - ok

14:40:53.0006 1912  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

14:40:53.0008 1912  drmkaud - ok

14:40:53.0075 1912  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

14:40:53.0097 1912  DXGKrnl - ok

14:40:53.0154 1912  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

14:40:53.0160 1912  EapHost - ok

14:40:53.0310 1912  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

14:40:53.0415 1912  ebdrv - ok

14:40:53.0476 1912  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

14:40:53.0483 1912  EFS - ok

14:40:53.0545 1912  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

14:40:53.0556 1912  elxstor - ok

14:40:53.0608 1912  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

14:40:53.0611 1912  ErrDev - ok

14:40:53.0711 1912  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

14:40:53.0722 1912  EventSystem - ok

14:40:53.0768 1912  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

14:40:53.0773 1912  exfat - ok

14:40:53.0829 1912  Fabs - ok

14:40:53.0847 1912  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

14:40:53.0855 1912  fastfat - ok

14:40:53.0921 1912  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

14:40:53.0945 1912  Fax - ok

14:40:53.0986 1912  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

14:40:53.0989 1912  fdc - ok

14:40:54.0034 1912  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

14:40:54.0039 1912  fdPHost - ok

14:40:54.0052 1912  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

14:40:54.0058 1912  FDResPub - ok

14:40:54.0086 1912  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

14:40:54.0089 1912  FileInfo - ok

14:40:54.0220 1912  [ 2B0BCCF997721163E97889DC56EFDBDE ] FileOpenManagerService C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe

14:40:54.0225 1912  FileOpenManagerService - ok

14:40:54.0251 1912  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

14:40:54.0255 1912  Filetrace - ok

14:40:54.0377 1912  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

14:40:54.0511 1912  FirebirdServerMAGIXInstance - ok

14:40:54.0558 1912  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

14:40:54.0560 1912  flpydisk - ok

14:40:54.0624 1912  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

14:40:54.0629 1912  FltMgr - ok

14:40:54.0704 1912  [ AA85D09261FBF080CD9415853BD7B559 ] FontCache       C:\Windows\system32\FntCache.dll

14:40:54.0746 1912  FontCache - ok

14:40:54.0841 1912  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:40:54.0845 1912  FontCache3.0.0.0 - ok

14:40:54.0885 1912  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

14:40:54.0887 1912  FsDepends - ok

14:40:54.0940 1912  [ 01BB4A70EA1F47422C1646B06164A8FB ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys

14:40:54.0943 1912  fspad_wlh32 - ok

14:40:54.0984 1912  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

14:40:54.0986 1912  Fs_Rec - ok

14:40:55.0042 1912  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

14:40:55.0047 1912  fvevol - ok

14:40:55.0098 1912  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

14:40:55.0101 1912  gagp30kx - ok

14:40:55.0163 1912  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:40:55.0165 1912  GEARAspiWDM - ok

14:40:55.0225 1912  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

14:40:55.0245 1912  gpsvc - ok

14:40:55.0313 1912  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys

14:40:55.0316 1912  hamachi - ok

14:40:55.0450 1912  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

14:40:55.0498 1912  Hamachi2Svc - ok

14:40:55.0543 1912  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

14:40:55.0546 1912  hcw85cir - ok

14:40:55.0607 1912  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

14:40:55.0614 1912  HdAudAddService - ok

14:40:55.0647 1912  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

14:40:55.0651 1912  HDAudBus - ok

14:40:55.0664 1912  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

14:40:55.0670 1912  HidBatt - ok

14:40:55.0715 1912  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

14:40:55.0719 1912  HidBth - ok

14:40:55.0753 1912  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

14:40:55.0757 1912  HidIr - ok

14:40:55.0799 1912  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

14:40:55.0804 1912  hidserv - ok

14:40:55.0861 1912  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

14:40:55.0863 1912  HidUsb - ok

14:40:55.0916 1912  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

14:40:55.0924 1912  hkmsvc - ok

14:40:55.0981 1912  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

14:40:55.0989 1912  HomeGroupListener - ok

14:40:56.0020 1912  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

14:40:56.0032 1912  HomeGroupProvider - ok

14:40:56.0082 1912  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

14:40:56.0085 1912  HpSAMD - ok

14:40:56.0140 1912  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

14:40:56.0151 1912  HTTP - ok

14:40:56.0194 1912  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

14:40:56.0196 1912  hwpolicy - ok

14:40:56.0253 1912  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

14:40:56.0257 1912  i8042prt - ok

14:40:56.0322 1912  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

14:40:56.0330 1912  iaStorV - ok

14:40:56.0459 1912  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

14:40:56.0463 1912  IDriverT - ok

14:40:56.0542 1912  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:40:56.0577 1912  idsvc - ok

14:40:56.0745 1912  [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

14:40:56.0870 1912  igfx - ok

14:40:56.0903 1912  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

14:40:56.0906 1912  iirsp - ok

14:40:56.0978 1912  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

14:40:56.0999 1912  IKEEXT - ok

14:40:57.0133 1912  [ 09BF2EFC833A4848665E439EB4DB3331 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

14:40:57.0221 1912  IntcAzAudAddService - ok

14:40:57.0257 1912  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

14:40:57.0259 1912  intelide - ok

14:40:57.0312 1912  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

14:40:57.0315 1912  intelppm - ok

14:40:57.0358 1912  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

14:40:57.0365 1912  IPBusEnum - ok

14:40:57.0425 1912  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:40:57.0429 1912  IpFilterDriver - ok

14:40:57.0506 1912  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

14:40:57.0518 1912  iphlpsvc - ok

14:40:57.0565 1912  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

14:40:57.0568 1912  IPMIDRV - ok

14:40:57.0600 1912  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

14:40:57.0603 1912  IPNAT - ok

14:40:57.0689 1912  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

14:40:57.0723 1912  iPod Service - ok

14:40:57.0775 1912  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

14:40:57.0778 1912  IRENUM - ok

14:40:57.0800 1912  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

14:40:57.0803 1912  isapnp - ok

14:40:57.0853 1912  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

14:40:57.0859 1912  iScsiPrt - ok

14:40:57.0909 1912  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

14:40:57.0912 1912  kbdclass - ok

14:40:57.0955 1912  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

14:40:57.0958 1912  kbdhid - ok

14:40:57.0987 1912  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

14:40:57.0992 1912  KeyIso - ok

14:40:58.0044 1912  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

14:40:58.0048 1912  KSecDD - ok

14:40:58.0099 1912  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

14:40:58.0103 1912  KSecPkg - ok

14:40:58.0156 1912  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

14:40:58.0167 1912  KtmRm - ok

14:40:58.0216 1912  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys

14:40:58.0219 1912  L1C - ok

14:40:58.0263 1912  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

14:40:58.0274 1912  LanmanServer - ok

14:40:58.0295 1912  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

14:40:58.0307 1912  LanmanWorkstation - ok

14:40:58.0358 1912  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

14:40:58.0361 1912  lltdio - ok

14:40:58.0397 1912  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

14:40:58.0405 1912  lltdsvc - ok

14:40:58.0437 1912  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

14:40:58.0443 1912  lmhosts - ok

14:40:58.0506 1912  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

14:40:58.0511 1912  LSI_FC - ok

14:40:58.0561 1912  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

14:40:58.0565 1912  LSI_SAS - ok

14:40:58.0604 1912  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:40:58.0607 1912  LSI_SAS2 - ok

14:40:58.0658 1912  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:40:58.0661 1912  LSI_SCSI - ok

14:40:58.0704 1912  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

14:40:58.0708 1912  luafv - ok

14:40:58.0731 1912  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

14:40:58.0734 1912  megasas - ok

14:40:58.0799 1912  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

14:40:58.0806 1912  MegaSR - ok

14:40:58.0839 1912  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

14:40:58.0845 1912  MMCSS - ok

14:40:58.0870 1912  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

14:40:58.0873 1912  Modem - ok

14:40:58.0904 1912  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

14:40:58.0907 1912  monitor - ok

14:40:58.0930 1912  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

14:40:58.0932 1912  mouclass - ok

14:40:58.0971 1912  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

14:40:58.0974 1912  mouhid - ok

14:40:59.0030 1912  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

14:40:59.0033 1912  mountmgr - ok

14:40:59.0124 1912  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

14:40:59.0128 1912  MozillaMaintenance - ok

14:40:59.0158 1912  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

14:40:59.0162 1912  mpio - ok

14:40:59.0205 1912  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

14:40:59.0208 1912  mpsdrv - ok

14:40:59.0294 1912  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll

14:40:59.0315 1912  MpsSvc - ok

14:40:59.0362 1912  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

14:40:59.0365 1912  MRxDAV - ok

14:40:59.0431 1912  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

14:40:59.0435 1912  mrxsmb - ok

14:40:59.0489 1912  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:40:59.0495 1912  mrxsmb10 - ok

14:40:59.0519 1912  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:40:59.0523 1912  mrxsmb20 - ok

14:40:59.0570 1912  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

14:40:59.0573 1912  msahci - ok

14:40:59.0612 1912  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

14:40:59.0616 1912  msdsm - ok

14:40:59.0658 1912  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

14:40:59.0666 1912  MSDTC - ok

14:40:59.0727 1912  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

14:40:59.0730 1912  Msfs - ok

14:40:59.0751 1912  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

14:40:59.0753 1912  mshidkmdf - ok

14:40:59.0789 1912  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

14:40:59.0791 1912  msisadrv - ok

14:40:59.0831 1912  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

14:40:59.0838 1912  MSiSCSI - ok

14:40:59.0851 1912  msiserver - ok

14:40:59.0888 1912  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

14:40:59.0891 1912  MSKSSRV - ok

14:40:59.0911 1912  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

14:40:59.0915 1912  MSPCLOCK - ok

14:40:59.0942 1912  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

14:40:59.0945 1912  MSPQM - ok

14:40:59.0975 1912  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

14:40:59.0980 1912  MsRPC - ok

14:41:00.0039 1912  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

14:41:00.0041 1912  mssmbios - ok

14:41:00.0154 1912  MSSQL$SQLEXPRESS - ok

14:41:00.0262 1912  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

14:41:00.0281 1912  MSSQLServerADHelper100 - ok

14:41:00.0330 1912  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

14:41:00.0333 1912  MSTEE - ok

14:41:00.0376 1912  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

14:41:00.0379 1912  MTConfig - ok

14:41:00.0408 1912  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

14:41:00.0411 1912  Mup - ok

14:41:00.0459 1912  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

14:41:00.0472 1912  napagent - ok

14:41:00.0511 1912  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

14:41:00.0518 1912  NativeWifiP - ok

14:41:00.0598 1912  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

14:41:00.0618 1912  NDIS - ok

14:41:00.0661 1912  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

14:41:00.0664 1912  NdisCap - ok

14:41:00.0697 1912  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

14:41:00.0700 1912  NdisTapi - ok

14:41:00.0749 1912  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

14:41:00.0751 1912  Ndisuio - ok

14:41:00.0792 1912  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

14:41:00.0796 1912  NdisWan - ok

14:41:00.0844 1912  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

14:41:00.0847 1912  NDProxy - ok

14:41:00.0865 1912  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

14:41:00.0868 1912  NetBIOS - ok

14:41:00.0915 1912  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

14:41:00.0920 1912  NetBT - ok

14:41:00.0942 1912  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

14:41:00.0947 1912  Netlogon - ok

14:41:00.0997 1912  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

14:41:01.0010 1912  Netman - ok

14:41:01.0062 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:41:01.0107 1912  NetMsmqActivator - ok

14:41:01.0117 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:41:01.0121 1912  NetPipeActivator - ok

14:41:01.0142 1912  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

14:41:01.0154 1912  netprofm - ok

14:41:01.0166 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:41:01.0170 1912  NetTcpActivator - ok

14:41:01.0184 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:41:01.0188 1912  NetTcpPortSharing - ok

14:41:01.0228 1912  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

14:41:01.0231 1912  nfrd960 - ok

14:41:01.0284 1912  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll

14:41:01.0294 1912  NlaSvc - ok

14:41:01.0386 1912  [ DD8B7B1EEFE8D36CD9F070619CBB66C2 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys

14:41:01.0391 1912  NovaShieldFilterDriver - ok

14:41:01.0418 1912  [ F137D033742CE16FA8AAF974A899AAF2 ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys

14:41:01.0420 1912  NovaShieldTDIDriver - ok

14:41:01.0464 1912  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

14:41:01.0467 1912  Npfs - ok

14:41:01.0515 1912  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

14:41:01.0522 1912  nsi - ok

14:41:01.0534 1912  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

14:41:01.0540 1912  nsiproxy - ok

14:41:01.0625 1912  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

14:41:01.0660 1912  Ntfs - ok

14:41:01.0680 1912  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

14:41:01.0683 1912  Null - ok

14:41:01.0730 1912  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

14:41:01.0734 1912  nvraid - ok

14:41:01.0788 1912  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

14:41:01.0792 1912  nvstor - ok

14:41:01.0841 1912  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

14:41:01.0845 1912  nv_agp - ok

14:41:01.0877 1912  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

14:41:01.0880 1912  ohci1394 - ok

14:41:01.0930 1912  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

14:41:01.0941 1912  p2pimsvc - ok

14:41:01.0969 1912  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

14:41:01.0981 1912  p2psvc - ok

14:41:02.0020 1912  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

14:41:02.0024 1912  Parport - ok

14:41:02.0073 1912  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

14:41:02.0078 1912  partmgr - ok

14:41:02.0109 1912  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

14:41:02.0111 1912  Parvdm - ok

14:41:02.0344 1912  [ 0C7B85E8655E2774466E941B42AD9121 ] pc essentials   C:\Program Files\pc essentials\updater.exe

14:41:02.0513 1912  pc essentials - ok

14:41:02.0591 1912  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

14:41:02.0600 1912  PcaSvc - ok

14:41:02.0628 1912  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

14:41:02.0633 1912  pci - ok

14:41:02.0679 1912  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

14:41:02.0682 1912  pciide - ok

14:41:02.0729 1912  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

14:41:02.0734 1912  pcmcia - ok

14:41:02.0771 1912  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

14:41:02.0774 1912  pcw - ok

14:41:02.0810 1912  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

14:41:02.0822 1912  PEAUTH - ok

14:41:02.0948 1912  [ E0297D369962F00E52BBACE14A554DF5 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

14:41:02.0952 1912  PhotoshopElementsDeviceConnect - ok

14:41:03.0044 1912  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

14:41:03.0089 1912  pla - ok

14:41:03.0160 1912  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

14:41:03.0173 1912  PlugPlay - ok

14:41:03.0212 1912  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

14:41:03.0220 1912  PNRPAutoReg - ok

14:41:03.0252 1912  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

14:41:03.0261 1912  PNRPsvc - ok

14:41:03.0308 1912  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

14:41:03.0318 1912  PolicyAgent - ok

14:41:03.0369 1912  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

14:41:03.0379 1912  Power - ok

14:41:03.0417 1912  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

14:41:03.0420 1912  PptpMiniport - ok

14:41:03.0444 1912  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

14:41:03.0447 1912  Processor - ok

14:41:03.0494 1912  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

14:41:03.0504 1912  ProfSvc - ok

14:41:03.0520 1912  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

14:41:03.0525 1912  ProtectedStorage - ok

14:41:03.0571 1912  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

14:41:03.0575 1912  Psched - ok

14:41:03.0628 1912  [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys

14:41:03.0630 1912  PxHelp20 - ok

14:41:03.0705 1912  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

14:41:03.0751 1912  ql2300 - ok

14:41:03.0796 1912  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

14:41:03.0800 1912  ql40xx - ok

14:41:03.0841 1912  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

14:41:03.0853 1912  QWAVE - ok

14:41:03.0883 1912  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

14:41:03.0886 1912  QWAVEdrv - ok

14:41:03.0913 1912  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

14:41:03.0915 1912  RasAcd - ok

14:41:03.0969 1912  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

14:41:03.0972 1912  RasAgileVpn - ok

14:41:04.0009 1912  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

14:41:04.0017 1912  RasAuto - ok

14:41:04.0048 1912  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

14:41:04.0051 1912  Rasl2tp - ok

14:41:04.0112 1912  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

14:41:04.0124 1912  RasMan - ok

14:41:04.0144 1912  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

14:41:04.0149 1912  RasPppoe - ok

14:41:04.0163 1912  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

14:41:04.0168 1912  RasSstp - ok

14:41:04.0226 1912  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

14:41:04.0231 1912  rdbss - ok

14:41:04.0265 1912  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

14:41:04.0268 1912  rdpbus - ok

14:41:04.0318 1912  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

14:41:04.0320 1912  RDPCDD - ok

14:41:04.0374 1912  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

14:41:04.0377 1912  RDPENCDD - ok

14:41:04.0402 1912  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

14:41:04.0405 1912  RDPREFMP - ok

14:41:04.0451 1912  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

14:41:04.0456 1912  RDPWD - ok

14:41:04.0513 1912  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

14:41:04.0518 1912  rdyboost - ok

14:41:04.0555 1912  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

14:41:04.0562 1912  RemoteAccess - ok

14:41:04.0602 1912  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

14:41:04.0614 1912  RemoteRegistry - ok

14:41:04.0654 1912  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

14:41:04.0658 1912  RFCOMM - ok

14:41:04.0752 1912  [ 999AA77152F16A40A5727FC657EF66C3 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe

14:41:04.0759 1912  RichVideo - ok

14:41:04.0810 1912  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

14:41:04.0818 1912  RpcEptMapper - ok

14:41:04.0863 1912  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

14:41:04.0871 1912  RpcLocator - ok

14:41:04.0906 1912  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

14:41:04.0917 1912  RpcSs - ok

14:41:04.0985 1912  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys

14:41:04.0992 1912  RsFx0103 - ok

14:41:05.0043 1912  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

14:41:05.0046 1912  rspndr - ok

14:41:05.0108 1912  [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys

14:41:05.0139 1912  rtl8192se - ok

14:41:05.0164 1912  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

14:41:05.0169 1912  SamSs - ok

14:41:05.0221 1912  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

14:41:05.0224 1912  sbp2port - ok

14:41:05.0258 1912  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

14:41:05.0268 1912  SCardSvr - ok

14:41:05.0288 1912  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

14:41:05.0291 1912  scfilter - ok

14:41:05.0352 1912  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

14:41:05.0386 1912  Schedule - ok

14:41:05.0429 1912  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

14:41:05.0431 1912  SCPolicySvc - ok

14:41:05.0471 1912  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

14:41:05.0481 1912  SDRSVC - ok

14:41:05.0521 1912  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

14:41:05.0523 1912  secdrv - ok

14:41:05.0563 1912  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

14:41:05.0571 1912  seclogon - ok

14:41:05.0603 1912  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

14:41:05.0614 1912  SENS - ok

14:41:05.0643 1912  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

14:41:05.0646 1912  Serenum - ok

14:41:05.0698 1912  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

14:41:05.0701 1912  Serial - ok

14:41:05.0753 1912  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

14:41:05.0755 1912  sermouse - ok

14:41:05.0820 1912  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

14:41:05.0830 1912  SessionEnv - ok

14:41:05.0875 1912  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

14:41:05.0878 1912  sffdisk - ok

14:41:05.0905 1912  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

14:41:05.0908 1912  sffp_mmc - ok

14:41:05.0929 1912  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

14:41:05.0931 1912  sffp_sd - ok

14:41:05.0971 1912  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

14:41:05.0974 1912  sfloppy - ok

14:41:06.0010 1912  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

14:41:06.0020 1912  SharedAccess - ok

14:41:06.0073 1912  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:41:06.0086 1912  ShellHWDetection - ok

14:41:06.0141 1912  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

14:41:06.0145 1912  sisagp - ok

14:41:06.0198 1912  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:41:06.0201 1912  SiSRaid2 - ok

14:41:06.0244 1912  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

14:41:06.0247 1912  SiSRaid4 - ok

14:41:06.0333 1912  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

14:41:06.0337 1912  SkypeUpdate - ok

14:41:06.0394 1912  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

14:41:06.0398 1912  Smb - ok

14:41:06.0463 1912  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

14:41:06.0471 1912  SNMPTRAP - ok

14:41:06.0488 1912  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

14:41:06.0491 1912  spldr - ok

14:41:06.0547 1912  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

14:41:06.0560 1912  Spooler - ok

14:41:06.0693 1912  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

14:41:06.0784 1912  sppsvc - ok

14:41:06.0843 1912  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

14:41:06.0852 1912  sppuinotify - ok

14:41:06.0919 1912  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

14:41:06.0942 1912  SQLAgent$SQLEXPRESS - ok

14:41:07.0038 1912  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

14:41:07.0062 1912  SQLBrowser - ok

14:41:07.0141 1912  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

14:41:07.0144 1912  SQLWriter - ok

14:41:07.0203 1912  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

14:41:07.0210 1912  srv - ok

14:41:07.0255 1912  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

14:41:07.0262 1912  srv2 - ok

14:41:07.0276 1912  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

14:41:07.0282 1912  srvnet - ok

14:41:07.0337 1912  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

14:41:07.0348 1912  SSDPSRV - ok

14:41:07.0363 1912  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

14:41:07.0374 1912  SstpSvc - ok

14:41:07.0416 1912  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

14:41:07.0419 1912  stexstor - ok

14:41:07.0475 1912  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

14:41:07.0497 1912  StiSvc - ok

14:41:07.0543 1912  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

14:41:07.0546 1912  swenum - ok

14:41:07.0570 1912  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

14:41:07.0583 1912  swprv - ok

14:41:07.0654 1912  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

14:41:07.0702 1912  SysMain - ok

14:41:07.0751 1912  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:41:07.0760 1912  TabletInputService - ok

14:41:07.0803 1912  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

14:41:07.0815 1912  TapiSrv - ok

14:41:07.0864 1912  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

14:41:07.0874 1912  TBS - ok

14:41:07.0949 1912  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

14:41:07.0984 1912  Tcpip - ok

14:41:08.0041 1912  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

14:41:08.0056 1912  TCPIP6 - ok

14:41:08.0111 1912  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

14:41:08.0115 1912  tcpipreg - ok

14:41:08.0171 1912  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

14:41:08.0173 1912  TDPIPE - ok

14:41:08.0217 1912  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

14:41:08.0220 1912  TDTCP - ok

14:41:08.0267 1912  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

14:41:08.0270 1912  tdx - ok

14:41:08.0295 1912  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

14:41:08.0298 1912  TermDD - ok

14:41:08.0354 1912  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

14:41:08.0377 1912  TermService - ok

14:41:08.0422 1912  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

14:41:08.0431 1912  Themes - ok

14:41:08.0450 1912  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

14:41:08.0455 1912  THREADORDER - ok

14:41:08.0471 1912  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

14:41:08.0481 1912  TrkWks - ok

14:41:08.0562 1912  [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys

14:41:08.0569 1912  Trufos - ok

14:41:08.0663 1912  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:41:08.0668 1912  TrustedInstaller - ok

14:41:08.0723 1912  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

14:41:08.0726 1912  tssecsrv - ok

14:41:08.0788 1912  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

14:41:08.0791 1912  TsUsbFlt - ok

14:41:08.0851 1912  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

14:41:08.0854 1912  tunnel - ok

14:41:08.0894 1912  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

14:41:08.0899 1912  uagp35 - ok

14:41:08.0941 1912  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

14:41:08.0947 1912  udfs - ok

14:41:09.0010 1912  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

14:41:09.0019 1912  UI0Detect - ok

14:41:09.0053 1912  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

14:41:09.0057 1912  uliagpkx - ok

14:41:09.0085 1912  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys

14:41:09.0089 1912  umbus - ok

14:41:09.0136 1912  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

14:41:09.0152 1912  UmPass - ok

14:41:09.0202 1912  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

14:41:09.0215 1912  upnphost - ok

14:41:09.0275 1912  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys

14:41:09.0279 1912  USBAAPL - ok

14:41:09.0324 1912  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

14:41:09.0327 1912  usbccgp - ok

14:41:09.0377 1912  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

14:41:09.0381 1912  usbcir - ok

14:41:09.0407 1912  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys

14:41:09.0410 1912  usbehci - ok

14:41:09.0448 1912  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

14:41:09.0454 1912  usbhub - ok

14:41:09.0509 1912  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

14:41:09.0512 1912  usbohci - ok

14:41:09.0552 1912  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

14:41:09.0555 1912  usbprint - ok

14:41:09.0580 1912  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:41:09.0584 1912  USBSTOR - ok

14:41:09.0617 1912  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

14:41:09.0620 1912  usbuhci - ok

14:41:09.0690 1912  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

14:41:09.0694 1912  usbvideo - ok

14:41:09.0745 1912  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

14:41:09.0755 1912  UxSms - ok

14:41:09.0797 1912  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

14:41:09.0802 1912  VaultSvc - ok

14:41:09.0839 1912  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

14:41:09.0842 1912  vdrvroot - ok

14:41:09.0897 1912  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

14:41:09.0920 1912  vds - ok

14:41:09.0963 1912  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

14:41:09.0966 1912  vga - ok

14:41:10.0012 1912  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

14:41:10.0014 1912  VgaSave - ok

14:41:10.0067 1912  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

14:41:10.0072 1912  vhdmp - ok

14:41:10.0115 1912  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

14:41:10.0119 1912  viaagp - ok

14:41:10.0173 1912  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

14:41:10.0177 1912  ViaC7 - ok

14:41:10.0213 1912  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

14:41:10.0216 1912  viaide - ok

14:41:10.0260 1912  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

14:41:10.0263 1912  volmgr - ok

14:41:10.0298 1912  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

14:41:10.0306 1912  volmgrx - ok

14:41:10.0350 1912  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

14:41:10.0357 1912  volsnap - ok

14:41:10.0409 1912  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

14:41:10.0414 1912  vsmraid - ok

14:41:10.0492 1912  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

14:41:10.0526 1912  VSS - ok

14:41:10.0564 1912  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

14:41:10.0567 1912  vwifibus - ok

14:41:10.0589 1912  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

14:41:10.0593 1912  vwififlt - ok

14:41:10.0630 1912  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

14:41:10.0633 1912  vwifimp - ok

14:41:10.0679 1912  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

14:41:10.0693 1912  W32Time - ok

14:41:10.0733 1912  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

14:41:10.0736 1912  WacomPen - ok

14:41:10.0778 1912  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

14:41:10.0781 1912  WANARP - ok

14:41:10.0791 1912  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

14:41:10.0794 1912  Wanarpv6 - ok

14:41:10.0870 1912  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

14:41:10.0917 1912  wbengine - ok

14:41:10.0969 1912  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

14:41:10.0980 1912  WbioSrvc - ok

14:41:11.0029 1912  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

14:41:11.0042 1912  wcncsvc - ok

14:41:11.0071 1912  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

14:41:11.0081 1912  WcsPlugInService - ok

14:41:11.0108 1912  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys

14:41:11.0111 1912  Wd - ok

14:41:11.0177 1912  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

14:41:11.0188 1912  Wdf01000 - ok

14:41:11.0222 1912  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

14:41:11.0232 1912  WdiServiceHost - ok

14:41:11.0242 1912  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

14:41:11.0255 1912  WdiSystemHost - ok

14:41:11.0364 1912  [ F4A9476AA49B69D28BE439C64F96C714 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

14:41:11.0369 1912  Web Assistant Updater - ok

14:41:11.0420 1912  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

14:41:11.0443 1912  WebClient - ok

14:41:11.0470 1912  WebOptimizer - ok

14:41:11.0515 1912  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

14:41:11.0526 1912  Wecsvc - ok

14:41:11.0554 1912  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

14:41:11.0564 1912  wercplsupport - ok

14:41:11.0597 1912  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

14:41:11.0606 1912  WerSvc - ok

14:41:11.0640 1912  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

14:41:11.0643 1912  WfpLwf - ok

14:41:11.0672 1912  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

14:41:11.0675 1912  WIMMount - ok

14:41:11.0762 1912  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

14:41:11.0774 1912  WinDefend - ok

14:41:11.0800 1912  WinHttpAutoProxySvc - ok

14:41:11.0873 1912  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

14:41:11.0881 1912  Winmgmt - ok

14:41:11.0961 1912  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

14:41:12.0006 1912  WinRM - ok

14:41:12.0088 1912  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

14:41:12.0092 1912  WinUsb - ok

14:41:12.0150 1912  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

14:41:12.0197 1912  Wlansvc - ok

14:41:12.0323 1912  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:41:12.0369 1912  wlidsvc - ok

14:41:12.0420 1912  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

14:41:12.0423 1912  WmiAcpi - ok

14:41:12.0482 1912  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

14:41:12.0486 1912  wmiApSrv - ok

14:41:12.0586 1912  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

14:41:12.0620 1912  WMPNetworkSvc - ok

14:41:12.0679 1912  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

14:41:12.0689 1912  WPCSvc - ok

14:41:12.0741 1912  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

14:41:12.0751 1912  WPDBusEnum - ok

14:41:12.0782 1912  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

14:41:12.0785 1912  ws2ifsl - ok

14:41:12.0803 1912  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll

14:41:12.0814 1912  wscsvc - ok

14:41:12.0828 1912  WSearch - ok

14:41:12.0939 1912  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

14:41:13.0007 1912  wuauserv - ok

14:41:13.0058 1912  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

14:41:13.0062 1912  WudfPf - ok

14:41:13.0098 1912  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

14:41:13.0103 1912  WUDFRd - ok

14:41:13.0161 1912  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

14:41:13.0174 1912  wudfsvc - ok

14:41:13.0234 1912  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

14:41:13.0247 1912  WwanSvc - ok

14:41:13.0311 1912  ================ Scan global ===============================

14:41:13.0360 1912  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

14:41:13.0405 1912  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

14:41:13.0438 1912  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

14:41:13.0490 1912  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

14:41:13.0530 1912  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

14:41:13.0541 1912  [Global] - ok

14:41:13.0542 1912  ================ Scan MBR ==================================

14:41:13.0557 1912  [ D4235019B9CC6FCAC77D4C80F1FA6E89 ] \Device\Harddisk0\DR0

14:41:22.0543 1912  \Device\Harddisk0\DR0 - ok

14:41:22.0544 1912  ================ Scan VBR ==================================

14:41:22.0551 1912  [ DA5516775A07F69A332033049865B2DF ] \Device\Harddisk0\DR0\Partition1

14:41:22.0555 1912  \Device\Harddisk0\DR0\Partition1 - ok

14:41:22.0604 1912  [ F63467ABCEFF98E960D5CC660B2146DF ] \Device\Harddisk0\DR0\Partition2

14:41:22.0607 1912  \Device\Harddisk0\DR0\Partition2 - ok

14:41:22.0648 1912  [ FA6707864A6ABB94C0458B46B84C3B9E ] \Device\Harddisk0\DR0\Partition3

14:41:22.0651 1912  \Device\Harddisk0\DR0\Partition3 - ok

14:41:22.0652 1912  ============================================================

14:41:22.0652 1912  Scan finished

14:41:22.0652 1912  ============================================================

14:41:22.0678 1452  Detected object count: 0

14:41:22.0678 1452  Actual detected object count: 0

14:43:44.0832 2476  Deinitialize success

Zitat:

14:40:43.0524 1912 Scan started
14:40:43.0524 1912 Mode: Manual;

Nun haste den tdsskiller falsch eingestellt...

Code:

15:33:00.0106 1104  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:33:00.0511 1104  ============================================================

15:33:00.0511 1104  Current date / time: 2013/04/11 15:33:00.0511

15:33:00.0511 1104  SystemInfo:

15:33:00.0511 1104  

15:33:00.0511 1104  OS Version: 6.1.7601 ServicePack: 1.0

15:33:00.0511 1104  Product type: Workstation

15:33:00.0511 1104  ComputerName: JONAS-PC

15:33:00.0512 1104  UserName: Jonas

15:33:00.0512 1104  Windows directory: C:\Windows

15:33:00.0512 1104  System windows directory: C:\Windows

15:33:00.0512 1104  Processor architecture: Intel x86

15:33:00.0512 1104  Number of processors: 2

15:33:00.0512 1104  Page size: 0x1000

15:33:00.0512 1104  Boot type: Normal boot

15:33:00.0512 1104  ============================================================

15:33:03.0446 1104  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:33:03.0493 1104  ============================================================

15:33:03.0493 1104  \Device\Harddisk0\DR0:

15:33:03.0493 1104  MBR partitions:

15:33:03.0493 1104  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

15:33:03.0493 1104  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800

15:33:03.0493 1104  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000

15:33:03.0493 1104  ============================================================

15:33:03.0541 1104  C: <-> \Device\Harddisk0\DR0\Partition2

15:33:03.0648 1104  D: <-> \Device\Harddisk0\DR0\Partition3

15:33:03.0695 1104  ============================================================

15:33:03.0695 1104  Initialize success

15:33:03.0695 1104  ============================================================

15:46:39.0980 5232  ============================================================

15:46:39.0980 5232  Scan started

15:46:39.0981 5232  Mode: Manual; SigCheck; TDLFS; 

15:46:39.0981 5232  ============================================================

15:46:43.0079 5232  ================ Scan system memory ========================

15:46:43.0079 5232  System memory - ok

15:46:43.0080 5232  ================ Scan services =============================

15:46:43.0361 5232  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

15:46:43.0866 5232  1394ohci - ok

15:46:44.0045 5232  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys

15:46:44.0137 5232  acedrv11 - ok

15:46:44.0217 5232  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

15:46:44.0322 5232  ACPI - ok

15:46:44.0386 5232  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

15:46:44.0568 5232  AcpiPmi - ok

15:46:44.0617 5232  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\DRIVERS\ATKACPI.SYS

15:46:44.0645 5232  ACPIService - ok

15:46:44.0918 5232  [ 0F6D872FD048D437DCBF5C1A80194886 ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

15:46:44.0945 5232  AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - warning

15:46:44.0945 5232  AdobeActiveFileMonitor - detected UnsignedFile.Multi.Generic (1)

15:46:45.0007 5232  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

15:46:45.0176 5232  adp94xx - ok

15:46:45.0236 5232  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

15:46:45.0281 5232  adpahci - ok

15:46:45.0332 5232  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

15:46:45.0383 5232  adpu320 - ok

15:46:45.0427 5232  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

15:46:45.0662 5232  AeLookupSvc - ok

15:46:45.0742 5232  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

15:46:45.0987 5232  AFD - ok

15:46:46.0054 5232  [ 5C4125D2AF6DDBB6422CE5F6E9BE7098 ] AFW             C:\Windows\system32\DRIVERS\afw.sys

15:46:46.0150 5232  AFW - ok

15:46:46.0207 5232  [ C223C5327FF06330B0251F1830FEE1AF ] afwcore         C:\Windows\system32\DRIVERS\afwcore.sys

15:46:46.0266 5232  afwcore - ok

15:46:46.0489 5232  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

15:46:46.0743 5232  agp440 - ok

15:46:46.0815 5232  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

15:46:46.0886 5232  aic78xx - ok

15:46:46.0943 5232  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

15:46:47.0072 5232  ALG - ok

15:46:47.0115 5232  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

15:46:47.0157 5232  aliide - ok

15:46:47.0216 5232  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

15:46:47.0264 5232  amdagp - ok

15:46:47.0350 5232  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

15:46:47.0392 5232  amdide - ok

15:46:47.0540 5232  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

15:46:48.0101 5232  AmdK8 - ok

15:46:48.0147 5232  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

15:46:48.0357 5232  AmdPPM - ok

15:46:48.0422 5232  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

15:46:48.0493 5232  amdsata - ok

15:46:48.0564 5232  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

15:46:48.0649 5232  amdsbs - ok

15:46:48.0678 5232  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

15:46:48.0785 5232  amdxata - ok

15:46:48.0871 5232  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

15:46:49.0025 5232  AppID - ok

15:46:49.0094 5232  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

15:46:49.0256 5232  AppIDSvc - ok

15:46:49.0296 5232  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

15:46:49.0448 5232  Appinfo - ok

15:46:49.0559 5232  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:46:49.0608 5232  Apple Mobile Device - ok

15:46:49.0664 5232  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys

15:46:49.0710 5232  arc - ok

15:46:49.0747 5232  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

15:46:49.0794 5232  arcsas - ok

15:46:50.0075 5232  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:46:50.0182 5232  aspnet_state - ok

15:46:50.0231 5232  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

15:46:50.0986 5232  AsyncMac - ok

15:46:51.0041 5232  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

15:46:51.0083 5232  atapi - ok

15:46:51.0201 5232  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:46:51.0536 5232  AudioEndpointBuilder - ok

15:46:51.0574 5232  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

15:46:51.0774 5232  Audiosrv - ok

15:46:51.0820 5232  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

15:46:52.0050 5232  AxInstSV - ok

15:46:52.0110 5232  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

15:46:52.0325 5232  b06bdrv - ok

15:46:52.0406 5232  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

15:46:52.0508 5232  b57nd60x - ok

15:46:52.0577 5232  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

15:46:52.0738 5232  BDESVC - ok

15:46:52.0779 5232  [ FE7D7035833981F5B4EE746805E9C30E ] BdSpy           C:\Windows\system32\DRIVERS\BdSpy.sys

15:46:52.0981 5232  BdSpy - ok

15:46:53.0079 5232  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

15:46:53.0492 5232  Beep - ok

15:46:53.0814 5232  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll

15:46:54.0418 5232  BFE - ok

15:46:54.0576 5232  [ C4F6B64F61934523E2DAD838D4B23B12 ] BgRaSvc         C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe

15:46:54.0717 5232  BgRaSvc - ok

15:46:54.0797 5232  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

15:46:55.0624 5232  BITS - ok

15:46:55.0679 5232  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

15:46:55.0897 5232  blbdrive - ok

15:46:56.0013 5232  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:46:56.0149 5232  Bonjour Service - ok

15:46:56.0280 5232  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

15:46:56.0413 5232  bowser - ok

15:46:56.0474 5232  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:46:56.0569 5232  BrFiltLo - ok

15:46:56.0613 5232  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:46:56.0718 5232  BrFiltUp - ok

15:46:56.0826 5232  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

15:46:57.0023 5232  Browser - ok

15:46:57.0304 5232  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

15:46:57.0625 5232  BrowserProtect - ok

15:46:57.0669 5232  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

15:46:57.0823 5232  Brserid - ok

15:46:57.0935 5232  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

15:46:58.0017 5232  BrSerWdm - ok

15:46:58.0095 5232  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

15:46:58.0229 5232  BrUsbMdm - ok

15:46:58.0312 5232  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

15:46:58.0496 5232  BrUsbSer - ok

15:46:58.0577 5232  [ CD40B39A3DAC59BD00BA0C76941133D2 ] BsBhvScan       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

15:46:58.0722 5232  BsBhvScan - ok

15:46:58.0764 5232  [ 5F15F8A2FE5D087F6EBDC3961A8B198E ] BsBrowser       C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll

15:46:58.0888 5232  BsBrowser - ok

15:46:59.0001 5232  [ 514E96F4037B98067863A65E89349D80 ] BsFileScan      C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll

15:46:59.0072 5232  BsFileScan - ok

15:46:59.0198 5232  [ 9C6066552E2BF2360667E15730DC0995 ] BsFire          C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll

15:46:59.0408 5232  BsFire - ok

15:46:59.0580 5232  [ 162266BFCEADACEBBB628DFD0C1AB152 ] BsMailProxy     C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll

15:46:59.0656 5232  BsMailProxy - ok

15:46:59.0790 5232  [ 60D6ECED581EFC2D237721F72BC6FBAC ] BsMain          C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll

15:46:59.0865 5232  BsMain - ok

15:46:59.0919 5232  [ 173EE0192B8A172D1E7AEA6F36E1058E ] BsScanner       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

15:47:00.0018 5232  BsScanner - ok

15:47:00.0068 5232  [ 7951E867B9C89A2F4156F3AB8FD28E82 ] BsUpdate        C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

15:47:00.0137 5232  BsUpdate - ok

15:47:00.0255 5232  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

15:47:00.0488 5232  BthEnum - ok

15:47:00.0512 5232  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

15:47:00.0713 5232  BTHMODEM - ok

15:47:00.0865 5232  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

15:47:00.0938 5232  BthPan - ok

15:47:01.0861 5232  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys

15:47:01.0976 5232  BTHPORT - ok

15:47:02.0029 5232  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

15:47:02.0142 5232  bthserv - ok

15:47:02.0212 5232  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys

15:47:02.0262 5232  BTHUSB - ok

15:47:02.0294 5232  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys

15:47:02.0323 5232  btusbflt - ok

15:47:02.0374 5232  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys

15:47:02.0408 5232  btwaudio - ok

15:47:02.0450 5232  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys

15:47:02.0501 5232  btwavdt - ok

15:47:02.0587 5232  [ 0E3EE2BC0EC56BFE869FCDE3E5806684 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

15:47:02.0644 5232  btwdins - ok

15:47:02.0691 5232  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys

15:47:02.0722 5232  btwl2cap - ok

15:47:02.0768 5232  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys

15:47:02.0792 5232  btwrchid - ok

15:47:02.0853 5232  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

15:47:02.0947 5232  cdfs - ok

15:47:03.0009 5232  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys

15:47:03.0087 5232  cdrom - ok

15:47:03.0153 5232  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

15:47:03.0289 5232  CertPropSvc - ok

15:47:03.0350 5232  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

15:47:03.0413 5232  circlass - ok

15:47:03.0472 5232  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

15:47:03.0515 5232  CLFS - ok

15:47:03.0790 5232  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:47:03.0842 5232  clr_optimization_v2.0.50727_32 - ok

15:47:03.0917 5232  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:47:04.0043 5232  clr_optimization_v4.0.30319_32 - ok

15:47:04.0081 5232  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

15:47:04.0135 5232  CmBatt - ok

15:47:04.0179 5232  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

15:47:04.0211 5232  cmdide - ok

15:47:04.0260 5232  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

15:47:04.0369 5232  CNG - ok

15:47:04.0406 5232  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

15:47:04.0443 5232  Compbatt - ok

15:47:04.0500 5232  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

15:47:04.0707 5232  CompositeBus - ok

15:47:04.0761 5232  COMSysApp - ok

15:47:04.0812 5232  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

15:47:04.0848 5232  crcdisk - ok

15:47:04.0921 5232  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll

15:47:05.0170 5232  CryptSvc - ok

15:47:05.0265 5232  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

15:47:05.0417 5232  DcomLaunch - ok

15:47:05.0475 5232  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

15:47:05.0633 5232  defragsvc - ok

15:47:05.0729 5232  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

15:47:05.0849 5232  DfsC - ok

15:47:05.0889 5232  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

15:47:06.0052 5232  Dhcp - ok

15:47:06.0141 5232  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

15:47:06.0289 5232  discache - ok

15:47:06.0384 5232  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys

15:47:06.0427 5232  Disk - ok

15:47:06.0480 5232  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

15:47:06.0576 5232  Dnscache - ok

15:47:06.0640 5232  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

15:47:06.0738 5232  dot3svc - ok

15:47:06.0800 5232  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

15:47:06.0928 5232  DPS - ok

15:47:06.0990 5232  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

15:47:07.0139 5232  drmkaud - ok

15:47:07.0263 5232  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

15:47:07.0328 5232  DXGKrnl - ok

15:47:07.0411 5232  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

15:47:07.0581 5232  EapHost - ok

15:47:07.0744 5232  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

15:47:07.0991 5232  ebdrv - ok

15:47:08.0045 5232  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

15:47:08.0143 5232  EFS - ok

15:47:08.0213 5232  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

15:47:08.0271 5232  elxstor - ok

15:47:08.0332 5232  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

15:47:08.0371 5232  ErrDev - ok

15:47:08.0471 5232  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

15:47:08.0611 5232  EventSystem - ok

15:47:08.0670 5232  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

15:47:08.0765 5232  exfat - ok

15:47:08.0852 5232  Fabs - ok

15:47:08.0899 5232  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

15:47:09.0000 5232  fastfat - ok

15:47:09.0078 5232  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

15:47:09.0237 5232  Fax - ok

15:47:09.0288 5232  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

15:47:09.0341 5232  fdc - ok

15:47:09.0380 5232  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

15:47:09.0470 5232  fdPHost - ok

15:47:09.0492 5232  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

15:47:09.0609 5232  FDResPub - ok

15:47:09.0654 5232  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

15:47:09.0689 5232  FileInfo - ok

15:47:09.0810 5232  [ 2B0BCCF997721163E97889DC56EFDBDE ] FileOpenManagerService C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe

15:47:09.0842 5232  FileOpenManagerService - ok

15:47:09.0875 5232  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

15:47:09.0979 5232  Filetrace - ok

15:47:10.0127 5232  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

15:47:10.0330 5232  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning

15:47:10.0333 5232  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)

15:47:10.0382 5232  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

15:47:10.0436 5232  flpydisk - ok

15:47:10.0491 5232  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

15:47:10.0530 5232  FltMgr - ok

15:47:10.0616 5232  [ AA85D09261FBF080CD9415853BD7B559 ] FontCache       C:\Windows\system32\FntCache.dll

15:47:10.0761 5232  FontCache - ok

15:47:10.0871 5232  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:47:10.0941 5232  FontCache3.0.0.0 - ok

15:47:10.0999 5232  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

15:47:11.0058 5232  FsDepends - ok

15:47:11.0147 5232  [ 01BB4A70EA1F47422C1646B06164A8FB ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys

15:47:11.0326 5232  fspad_wlh32 - ok

15:47:11.0397 5232  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

15:47:11.0450 5232  Fs_Rec - ok

15:47:11.0541 5232  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

15:47:11.0602 5232  fvevol - ok

15:47:11.0656 5232  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

15:47:11.0693 5232  gagp30kx - ok

15:47:11.0765 5232  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:47:11.0800 5232  GEARAspiWDM - ok

15:47:11.0884 5232  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

15:47:12.0014 5232  gpsvc - ok

15:47:12.0093 5232  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys

15:47:12.0143 5232  hamachi - ok

15:47:12.0307 5232  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

15:47:12.0442 5232  Hamachi2Svc - ok

15:47:12.0523 5232  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

15:47:12.0648 5232  hcw85cir - ok

15:47:12.0722 5232  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:47:12.0818 5232  HdAudAddService - ok

15:47:12.0871 5232  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

15:47:12.0988 5232  HDAudBus - ok

15:47:13.0039 5232  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

15:47:13.0120 5232  HidBatt - ok

15:47:13.0173 5232  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

15:47:13.0233 5232  HidBth - ok

15:47:13.0277 5232  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

15:47:13.0329 5232  HidIr - ok

15:47:13.0379 5232  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

15:47:13.0492 5232  hidserv - ok

15:47:13.0552 5232  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

15:47:13.0587 5232  HidUsb - ok

15:47:13.0640 5232  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

15:47:13.0749 5232  hkmsvc - ok

15:47:13.0805 5232  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:47:13.0901 5232  HomeGroupListener - ok

15:47:13.0933 5232  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:47:14.0019 5232  HomeGroupProvider - ok

15:47:14.0073 5232  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

15:47:14.0121 5232  HpSAMD - ok

15:47:14.0175 5232  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

15:47:14.0272 5232  HTTP - ok

15:47:14.0329 5232  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

15:47:14.0372 5232  hwpolicy - ok

15:47:14.0433 5232  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

15:47:14.0481 5232  i8042prt - ok

15:47:14.0568 5232  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

15:47:14.0615 5232  iaStorV - ok

15:47:14.0750 5232  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

15:47:14.0790 5232  IDriverT ( UnsignedFile.Multi.Generic ) - warning

15:47:14.0790 5232  IDriverT - detected UnsignedFile.Multi.Generic (1)

15:47:14.0867 5232  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:47:14.0975 5232  idsvc - ok

15:47:15.0151 5232  [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

15:47:15.0445 5232  igfx - ok

15:47:15.0494 5232  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

15:47:15.0528 5232  iirsp - ok

15:47:15.0614 5232  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

15:47:15.0729 5232  IKEEXT - ok

15:47:15.0889 5232  [ 09BF2EFC833A4848665E439EB4DB3331 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

15:47:16.0077 5232  IntcAzAudAddService - ok

15:47:16.0114 5232  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

15:47:16.0147 5232  intelide - ok

15:47:16.0192 5232  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

15:47:16.0251 5232  intelppm - ok

15:47:16.0294 5232  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

15:47:16.0392 5232  IPBusEnum - ok

15:47:16.0427 5232  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:47:16.0528 5232  IpFilterDriver - ok

15:47:16.0595 5232  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

15:47:16.0693 5232  iphlpsvc - ok

15:47:16.0757 5232  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

15:47:16.0806 5232  IPMIDRV - ok

15:47:16.0857 5232  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

15:47:16.0953 5232  IPNAT - ok

15:47:17.0048 5232  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

15:47:17.0289 5232  iPod Service - ok

15:47:17.0510 5232  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

15:47:17.0563 5232  IRENUM - ok

15:47:17.0591 5232  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

15:47:17.0623 5232  isapnp - ok

15:47:17.0699 5232  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

15:47:17.0739 5232  iScsiPrt - ok

15:47:17.0788 5232  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

15:47:17.0821 5232  kbdclass - ok

15:47:17.0901 5232  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

15:47:18.0261 5232  kbdhid - ok

15:47:18.0289 5232  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

15:47:18.0324 5232  KeyIso - ok

15:47:18.0368 5232  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

15:47:18.0401 5232  KSecDD - ok

15:47:18.0445 5232  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

15:47:18.0482 5232  KSecPkg - ok

15:47:18.0535 5232  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

15:47:18.0644 5232  KtmRm - ok

15:47:18.0707 5232  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys

15:47:18.0770 5232  L1C - ok

15:47:18.0821 5232  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

15:47:18.0922 5232  LanmanServer - ok

15:47:18.0950 5232  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:47:19.0057 5232  LanmanWorkstation - ok

15:47:19.0116 5232  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

15:47:19.0202 5232  lltdio - ok

15:47:19.0244 5232  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

15:47:19.0347 5232  lltdsvc - ok

15:47:19.0383 5232  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

15:47:19.0478 5232  lmhosts - ok

15:47:19.0542 5232  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

15:47:19.0578 5232  LSI_FC - ok

15:47:19.0618 5232  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

15:47:19.0654 5232  LSI_SAS - ok

15:47:19.0695 5232  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:47:19.0727 5232  LSI_SAS2 - ok

15:47:19.0782 5232  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:47:19.0816 5232  LSI_SCSI - ok

15:47:19.0850 5232  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

15:47:19.0925 5232  luafv - ok

15:47:19.0955 5232  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

15:47:19.0990 5232  megasas - ok

15:47:20.0033 5232  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

15:47:20.0077 5232  MegaSR - ok

15:47:20.0118 5232  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

15:47:20.0209 5232  MMCSS - ok

15:47:20.0249 5232  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

15:47:20.0339 5232  Modem - ok

15:47:20.0372 5232  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

15:47:20.0431 5232  monitor - ok

15:47:20.0476 5232  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

15:47:20.0513 5232  mouclass - ok

15:47:20.0562 5232  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

15:47:20.0615 5232  mouhid - ok

15:47:20.0676 5232  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

15:47:20.0724 5232  mountmgr - ok

15:47:20.0870 5232  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:47:21.0006 5232  MozillaMaintenance - ok

15:47:21.0082 5232  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

15:47:21.0167 5232  mpio - ok

15:47:21.0373 5232  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

15:47:21.0635 5232  mpsdrv - ok

15:47:21.0713 5232  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll

15:47:21.0933 5232  MpsSvc - ok

15:47:21.0998 5232  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

15:47:22.0114 5232  MRxDAV - ok

15:47:22.0167 5232  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

15:47:22.0297 5232  mrxsmb - ok

15:47:22.0359 5232  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:47:22.0438 5232  mrxsmb10 - ok

15:47:22.0466 5232  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:47:22.0524 5232  mrxsmb20 - ok

15:47:22.0584 5232  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

15:47:22.0627 5232  msahci - ok

15:47:22.0673 5232  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

15:47:22.0715 5232  msdsm - ok

15:47:22.0761 5232  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

15:47:22.0845 5232  MSDTC - ok

15:47:22.0908 5232  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

15:47:23.0008 5232  Msfs - ok

15:47:23.0053 5232  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

15:47:23.0184 5232  mshidkmdf - ok

15:47:23.0225 5232  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

15:47:23.0277 5232  msisadrv - ok

15:47:23.0334 5232  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

15:47:23.0453 5232  MSiSCSI - ok

15:47:23.0471 5232  msiserver - ok

15:47:23.0524 5232  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

15:47:23.0610 5232  MSKSSRV - ok

15:47:23.0645 5232  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

15:47:23.0786 5232  MSPCLOCK - ok

15:47:23.0834 5232  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

15:47:23.0941 5232  MSPQM - ok

15:47:23.0988 5232  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

15:47:24.0040 5232  MsRPC - ok

15:47:24.0097 5232  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

15:47:24.0127 5232  mssmbios - ok

15:47:24.0235 5232  MSSQL$SQLEXPRESS - ok

15:47:24.0376 5232  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

15:47:24.0438 5232  MSSQLServerADHelper100 - ok

15:47:24.0488 5232  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

15:47:24.0568 5232  MSTEE - ok

15:47:24.0612 5232  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

15:47:24.0657 5232  MTConfig - ok

15:47:24.0688 5232  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

15:47:24.0724 5232  Mup - ok

15:47:24.0773 5232  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

15:47:24.0898 5232  napagent - ok

15:47:24.0947 5232  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

15:47:25.0001 5232  NativeWifiP - ok

15:47:25.0077 5232  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

15:47:25.0188 5232  NDIS - ok

15:47:25.0258 5232  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

15:47:25.0378 5232  NdisCap - ok

15:47:25.0410 5232  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

15:47:25.0498 5232  NdisTapi - ok

15:47:25.0551 5232  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

15:47:25.0647 5232  Ndisuio - ok

15:47:25.0694 5232  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

15:47:25.0830 5232  NdisWan - ok

15:47:25.0891 5232  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

15:47:25.0957 5232  NDProxy - ok

15:47:26.0011 5232  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

15:47:26.0101 5232  NetBIOS - ok

15:47:26.0139 5232  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

15:47:26.0232 5232  NetBT - ok

15:47:26.0256 5232  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

15:47:26.0292 5232  Netlogon - ok

15:47:26.0344 5232  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

15:47:26.0497 5232  Netman - ok

15:47:26.0587 5232  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:47:26.0662 5232  NetMsmqActivator - ok

15:47:26.0677 5232  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:47:26.0706 5232  NetPipeActivator - ok

15:47:26.0805 5232  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

15:47:26.0967 5232  netprofm - ok

15:47:26.0997 5232  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:47:27.0026 5232  NetTcpActivator - ok

15:47:27.0035 5232  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:47:27.0066 5232  NetTcpPortSharing - ok

15:47:27.0134 5232  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

15:47:27.0187 5232  nfrd960 - ok

15:47:27.0265 5232  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll

15:47:27.0336 5232  NlaSvc - ok

15:47:27.0455 5232  [ DD8B7B1EEFE8D36CD9F070619CBB66C2 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys

15:47:27.0497 5232  NovaShieldFilterDriver - ok

15:47:27.0531 5232  [ F137D033742CE16FA8AAF974A899AAF2 ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys

15:47:27.0557 5232  NovaShieldTDIDriver - ok

15:47:27.0611 5232  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

15:47:27.0708 5232  Npfs - ok

15:47:27.0762 5232  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

15:47:27.0900 5232  nsi - ok

15:47:27.0929 5232  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

15:47:28.0085 5232  nsiproxy - ok

15:47:28.0193 5232  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

15:47:28.0302 5232  Ntfs - ok

15:47:28.0327 5232  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

15:47:28.0421 5232  Null - ok

15:47:28.0477 5232  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

15:47:28.0511 5232  nvraid - ok

15:47:28.0546 5232  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

15:47:28.0583 5232  nvstor - ok

15:47:28.0633 5232  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

15:47:28.0704 5232  nv_agp - ok

15:47:28.0745 5232  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

15:47:28.0795 5232  ohci1394 - ok

15:47:28.0843 5232  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

15:47:28.0907 5232  p2pimsvc - ok

15:47:28.0937 5232  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

15:47:29.0008 5232  p2psvc - ok

15:47:29.0056 5232  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

15:47:29.0102 5232  Parport - ok

15:47:29.0142 5232  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

15:47:29.0178 5232  partmgr - ok

15:47:29.0200 5232  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

15:47:29.0244 5232  Parvdm - ok

15:47:29.0490 5232  [ 0C7B85E8655E2774466E941B42AD9121 ] pc essentials   C:\Program Files\pc essentials\updater.exe

15:47:29.0781 5232  pc essentials ( UnsignedFile.Multi.Generic ) - warning

15:47:29.0781 5232  pc essentials - detected UnsignedFile.Multi.Generic (1)

15:47:29.0828 5232  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

15:47:29.0880 5232  PcaSvc - ok

15:47:29.0908 5232  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

15:47:29.0951 5232  pci - ok

15:47:29.0992 5232  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

15:47:30.0022 5232  pciide - ok

15:47:30.0064 5232  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

15:47:30.0104 5232  pcmcia - ok

15:47:30.0140 5232  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

15:47:30.0174 5232  pcw - ok

15:47:30.0220 5232  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

15:47:30.0339 5232  PEAUTH - ok

15:47:30.0504 5232  [ E0297D369962F00E52BBACE14A554DF5 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

15:47:30.0533 5232  PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - warning

15:47:30.0533 5232  PhotoshopElementsDeviceConnect - detected UnsignedFile.Multi.Generic (1)

15:47:30.0614 5232  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

15:47:30.0779 5232  pla - ok

15:47:30.0874 5232  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

15:47:30.0962 5232  PlugPlay - ok

15:47:31.0003 5232  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

15:47:31.0058 5232  PNRPAutoReg - ok

15:47:31.0088 5232  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

15:47:31.0132 5232  PNRPsvc - ok

15:47:31.0178 5232  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

15:47:31.0302 5232  PolicyAgent - ok

15:47:31.0375 5232  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

15:47:31.0504 5232  Power - ok

15:47:31.0552 5232  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

15:47:31.0894 5232  PptpMiniport - ok

15:47:31.0961 5232  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

15:47:32.0083 5232  Processor - ok

15:47:32.0141 5232  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

15:47:32.0220 5232  ProfSvc - ok

15:47:32.0244 5232  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:47:32.0297 5232  ProtectedStorage - ok

15:47:32.0373 5232  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

15:47:32.0459 5232  Psched - ok

15:47:32.0530 5232  [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys

15:47:32.0646 5232  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

15:47:32.0646 5232  PxHelp20 - detected UnsignedFile.Multi.Generic (1)

15:47:32.0749 5232  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

15:47:33.0076 5232  ql2300 - ok

15:47:33.0145 5232  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

15:47:33.0235 5232  ql40xx - ok

15:47:33.0354 5232  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

15:47:33.0508 5232  QWAVE - ok

15:47:33.0574 5232  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

15:47:33.0774 5232  QWAVEdrv - ok

15:47:33.0852 5232  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

15:47:34.0026 5232  RasAcd - ok

15:47:34.0094 5232  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

15:47:34.0290 5232  RasAgileVpn - ok

15:47:34.0486 5232  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

15:47:35.0012 5232  RasAuto - ok

15:47:35.0104 5232  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

15:47:35.0229 5232  Rasl2tp - ok

15:47:35.0326 5232  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

15:47:35.0499 5232  RasMan - ok

15:47:35.0570 5232  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

15:47:35.0740 5232  RasPppoe - ok

15:47:35.0775 5232  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

15:47:35.0998 5232  RasSstp - ok

15:47:36.0062 5232  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

15:47:36.0245 5232  rdbss - ok

15:47:36.0304 5232  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

15:47:36.0419 5232  rdpbus - ok

15:47:36.0488 5232  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

15:47:36.0635 5232  RDPCDD - ok

15:47:36.0709 5232  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

15:47:36.0818 5232  RDPENCDD - ok

15:47:36.0848 5232  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

15:47:36.0969 5232  RDPREFMP - ok

15:47:37.0045 5232  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

15:47:37.0151 5232  RDPWD - ok

15:47:37.0214 5232  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

15:47:37.0254 5232  rdyboost - ok

15:47:37.0302 5232  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

15:47:37.0415 5232  RemoteAccess - ok

15:47:37.0448 5232  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

15:47:37.0548 5232  RemoteRegistry - ok

15:47:37.0589 5232  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

15:47:37.0634 5232  RFCOMM - ok

15:47:37.0787 5232  [ 999AA77152F16A40A5727FC657EF66C3 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe

15:47:37.0858 5232  RichVideo - ok

15:47:37.0912 5232  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

15:47:38.0024 5232  RpcEptMapper - ok

15:47:38.0076 5232  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

15:47:38.0132 5232  RpcLocator - ok

15:47:38.0165 5232  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

15:47:38.0257 5232  RpcSs - ok

15:47:38.0322 5232  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys

15:47:38.0365 5232  RsFx0103 - ok

15:47:38.0456 5232  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

15:47:38.0559 5232  rspndr - ok

15:47:38.0631 5232  [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys

15:47:38.0754 5232  rtl8192se - ok

15:47:38.0795 5232  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

15:47:38.0845 5232  SamSs - ok

15:47:38.0914 5232  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

15:47:38.0958 5232  sbp2port - ok

15:47:39.0016 5232  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

15:47:39.0138 5232  SCardSvr - ok

15:47:39.0196 5232  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

15:47:39.0325 5232  scfilter - ok

15:47:39.0389 5232  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

15:47:39.0539 5232  Schedule - ok

15:47:39.0576 5232  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

15:47:39.0645 5232  SCPolicySvc - ok

15:47:39.0685 5232  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

15:47:39.0795 5232  SDRSVC - ok

15:47:39.0846 5232  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

15:47:39.0942 5232  secdrv - ok

15:47:39.0988 5232  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

15:47:40.0097 5232  seclogon - ok

15:47:40.0149 5232  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

15:47:40.0274 5232  SENS - ok

15:47:40.0335 5232  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

15:47:40.0408 5232  Serenum - ok

15:47:40.0467 5232  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

15:47:40.0539 5232  Serial - ok

15:47:40.0589 5232  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

15:47:40.0653 5232  sermouse - ok

15:47:40.0724 5232  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

15:47:40.0837 5232  SessionEnv - ok

15:47:40.0878 5232  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

15:47:40.0929 5232  sffdisk - ok

15:47:40.0964 5232  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

15:47:41.0031 5232  sffp_mmc - ok

15:47:41.0065 5232  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

15:47:41.0107 5232  sffp_sd - ok

15:47:41.0152 5232  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

15:47:41.0188 5232  sfloppy - ok

15:47:41.0236 5232  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

15:47:41.0337 5232  SharedAccess - ok

15:47:41.0398 5232  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:47:41.0507 5232  ShellHWDetection - ok

15:47:41.0577 5232  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

15:47:41.0614 5232  sisagp - ok

15:47:41.0712 5232  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:47:41.0841 5232  SiSRaid2 - ok

15:47:41.0935 5232  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

15:47:42.0011 5232  SiSRaid4 - ok

15:47:42.0203 5232  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

15:47:42.0280 5232  SkypeUpdate - ok

15:47:42.0359 5232  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

15:47:42.0478 5232  Smb - ok

15:47:42.0565 5232  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

15:47:42.0609 5232  SNMPTRAP - ok

15:47:42.0624 5232  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

15:47:42.0656 5232  spldr - ok

15:47:42.0728 5232  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

15:47:42.0870 5232  Spooler - ok

15:47:43.0038 5232  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

15:47:43.0262 5232  sppsvc - ok

15:47:43.0324 5232  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

15:47:43.0401 5232  sppuinotify - ok

15:47:43.0478 5232  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

15:47:43.0574 5232  SQLAgent$SQLEXPRESS - ok

15:47:43.0675 5232  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

15:47:43.0769 5232  SQLBrowser - ok

15:47:43.0859 5232  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

15:47:43.0900 5232  SQLWriter - ok

15:47:43.0962 5232  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

15:47:44.0051 5232  srv - ok

15:47:44.0102 5232  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

15:47:44.0163 5232  srv2 - ok

15:47:44.0185 5232  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

15:47:44.0225 5232  srvnet - ok

15:47:44.0274 5232  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

15:47:44.0406 5232  SSDPSRV - ok

15:47:44.0443 5232  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

15:47:44.0569 5232  SstpSvc - ok

15:47:44.0630 5232  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

15:47:44.0683 5232  stexstor - ok

15:47:44.0757 5232  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

15:47:44.0906 5232  StiSvc - ok

15:47:44.0957 5232  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

15:47:45.0021 5232  swenum - ok

15:47:45.0062 5232  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

15:47:45.0202 5232  swprv - ok

15:47:45.0305 5232  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

15:47:45.0457 5232  SysMain - ok

15:47:45.0531 5232  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:47:45.0662 5232  TabletInputService - ok

15:47:45.0718 5232  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

15:47:45.0881 5232  TapiSrv - ok

15:47:45.0933 5232  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

15:47:46.0119 5232  TBS - ok

15:47:46.0269 5232  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

15:47:46.0447 5232  Tcpip - ok

15:47:46.0530 5232  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

15:47:46.0721 5232  TCPIP6 - ok

15:47:46.0769 5232  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

15:47:46.0827 5232  tcpipreg - ok

15:47:46.0887 5232  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

15:47:46.0975 5232  TDPIPE - ok

15:47:47.0031 5232  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

15:47:47.0100 5232  TDTCP - ok

15:47:47.0158 5232  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

15:47:47.0303 5232  tdx - ok

15:47:47.0345 5232  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

15:47:47.0501 5232  TermDD - ok

15:47:47.0598 5232  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

15:47:47.0792 5232  TermService - ok

15:47:47.0936 5232  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

15:47:48.0038 5232  Themes - ok

15:47:48.0075 5232  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

15:47:48.0209 5232  THREADORDER - ok

15:47:48.0237 5232  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

15:47:48.0378 5232  TrkWks - ok

15:47:48.0465 5232  [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys

15:47:48.0612 5232  Trufos - ok

15:47:48.0722 5232  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:47:48.0941 5232  TrustedInstaller - ok

15:47:49.0014 5232  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

15:47:49.0166 5232  tssecsrv - ok

15:47:49.0385 5232  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

15:47:49.0613 5232  TsUsbFlt - ok

15:47:49.0709 5232  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

15:47:49.0985 5232  tunnel - ok

15:47:50.0031 5232  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

15:47:50.0082 5232  uagp35 - ok

15:47:50.0124 5232  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

15:47:50.0288 5232  udfs - ok

15:47:50.0346 5232  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

15:47:50.0501 5232  UI0Detect - ok

15:47:50.0569 5232  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

15:47:50.0691 5232  uliagpkx - ok

15:47:50.0722 5232  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys

15:47:50.0863 5232  umbus - ok

15:47:50.0916 5232  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

15:47:51.0003 5232  UmPass - ok

15:47:51.0119 5232  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

15:47:51.0903 5232  upnphost - ok

15:47:51.0989 5232  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys

15:47:52.0310 5232  USBAAPL - ok

15:47:52.0360 5232  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

15:47:52.0602 5232  usbccgp - ok

15:47:52.0684 5232  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

15:47:52.0930 5232  usbcir - ok

15:47:52.0976 5232  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys

15:47:53.0129 5232  usbehci - ok

15:47:53.0207 5232  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

15:47:53.0330 5232  usbhub - ok

15:47:53.0378 5232  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

15:47:53.0507 5232  usbohci - ok

15:47:53.0576 5232  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

15:47:53.0658 5232  usbprint - ok

15:47:53.0716 5232  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:47:53.0959 5232  USBSTOR - ok

15:47:54.0008 5232  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

15:47:54.0113 5232  usbuhci - ok

15:47:54.0192 5232  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

15:47:54.0273 5232  usbvideo - ok

15:47:54.0336 5232  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

15:47:54.0443 5232  UxSms - ok

15:47:54.0466 5232  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

15:47:54.0515 5232  VaultSvc - ok

15:47:54.0553 5232  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

15:47:54.0585 5232  vdrvroot - ok

15:47:54.0644 5232  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

15:47:54.0805 5232  vds - ok

15:47:54.0887 5232  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

15:47:54.0993 5232  vga - ok

15:47:55.0025 5232  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

15:47:55.0213 5232  VgaSave - ok

15:47:55.0280 5232  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

15:47:55.0321 5232  vhdmp - ok

15:47:55.0373 5232  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

15:47:55.0407 5232  viaagp - ok

15:47:55.0453 5232  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

15:47:55.0507 5232  ViaC7 - ok

15:47:55.0538 5232  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

15:47:55.0570 5232  viaide - ok

15:47:55.0597 5232  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

15:47:55.0641 5232  volmgr - ok

15:47:55.0701 5232  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

15:47:55.0787 5232  volmgrx - ok

15:47:55.0860 5232  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

15:47:55.0938 5232  volsnap - ok

15:47:56.0010 5232  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

15:47:56.0063 5232  vsmraid - ok

15:47:56.0148 5232  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

15:47:56.0324 5232  VSS - ok

15:47:56.0410 5232  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

15:47:56.0486 5232  vwifibus - ok

15:47:56.0515 5232  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

15:47:56.0579 5232  vwififlt - ok

15:47:56.0621 5232  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

15:47:56.0701 5232  vwifimp - ok

15:47:56.0761 5232  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

15:47:56.0910 5232  W32Time - ok

15:47:56.0969 5232  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

15:47:57.0071 5232  WacomPen - ok

15:47:57.0114 5232  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

15:47:57.0258 5232  WANARP - ok

15:47:57.0310 5232  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

15:47:57.0478 5232  Wanarpv6 - ok

15:47:57.0579 5232  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

15:47:57.0789 5232  wbengine - ok

15:47:57.0852 5232  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

15:47:57.0930 5232  WbioSrvc - ok

15:47:57.0976 5232  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

15:47:58.0060 5232  wcncsvc - ok

15:47:58.0085 5232  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:47:58.0202 5232  WcsPlugInService - ok

15:47:58.0222 5232  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys

15:47:58.0259 5232  Wd - ok

15:47:58.0323 5232  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

15:47:58.0412 5232  Wdf01000 - ok

15:47:58.0435 5232  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

15:47:58.0564 5232  WdiServiceHost - ok

15:47:58.0590 5232  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

15:47:58.0652 5232  WdiSystemHost - ok

15:47:58.0755 5232  [ F4A9476AA49B69D28BE439C64F96C714 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

15:47:58.0808 5232  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning

15:47:58.0808 5232  Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)

15:47:58.0856 5232  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

15:47:58.0931 5232  WebClient - ok

15:47:58.0971 5232  WebOptimizer - ok

15:47:59.0017 5232  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

15:47:59.0120 5232  Wecsvc - ok

15:47:59.0145 5232  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

15:47:59.0320 5232  wercplsupport - ok

15:47:59.0432 5232  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

15:47:59.0686 5232  WerSvc - ok

15:47:59.0742 5232  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

15:47:59.0838 5232  WfpLwf - ok

15:47:59.0863 5232  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

15:47:59.0901 5232  WIMMount - ok

15:48:00.0042 5232  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

15:48:00.0139 5232  WinDefend - ok

15:48:00.0187 5232  WinHttpAutoProxySvc - ok

15:48:00.0298 5232  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

15:48:00.0415 5232  Winmgmt - ok

15:48:00.0488 5232  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

15:48:00.0665 5232  WinRM - ok

15:48:00.0746 5232  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

15:48:00.0805 5232  WinUsb - ok

15:48:00.0864 5232  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

15:48:00.0969 5232  Wlansvc - ok

15:48:01.0170 5232  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:48:01.0332 5232  wlidsvc - ok

15:48:01.0389 5232  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

15:48:01.0452 5232  WmiAcpi - ok

15:48:01.0517 5232  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

15:48:01.0584 5232  wmiApSrv - ok

15:48:01.0692 5232  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

15:48:01.0829 5232  WMPNetworkSvc - ok

15:48:01.0870 5232  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

15:48:01.0989 5232  WPCSvc - ok

15:48:02.0121 5232  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

15:48:02.0187 5232  WPDBusEnum - ok

15:48:02.0229 5232  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

15:48:02.0324 5232  ws2ifsl - ok

15:48:02.0350 5232  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll

15:48:02.0432 5232  wscsvc - ok

15:48:02.0451 5232  WSearch - ok

15:48:02.0566 5232  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

15:48:02.0730 5232  wuauserv - ok

15:48:02.0783 5232  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

15:48:02.0861 5232  WudfPf - ok

15:48:02.0922 5232  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

15:48:02.0981 5232  WUDFRd - ok

15:48:03.0041 5232  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

15:48:03.0110 5232  wudfsvc - ok

15:48:03.0204 5232  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

15:48:03.0304 5232  WwanSvc - ok

15:48:03.0430 5232  ================ Scan global ===============================

15:48:03.0495 5232  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

15:48:03.0540 5232  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

15:48:03.0574 5232  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll

15:48:03.0647 5232  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

15:48:03.0688 5232  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

15:48:03.0700 5232  [Global] - ok

15:48:03.0703 5232  ================ Scan MBR ==================================

15:48:03.0748 5232  [ D4235019B9CC6FCAC77D4C80F1FA6E89 ] \Device\Harddisk0\DR0

15:48:16.0914 5232  \Device\Harddisk0\DR0 - ok

15:48:16.0915 5232  ================ Scan VBR ==================================

15:48:16.0951 5232  [ DA5516775A07F69A332033049865B2DF ] \Device\Harddisk0\DR0\Partition1

15:48:16.0955 5232  \Device\Harddisk0\DR0\Partition1 - ok

15:48:16.0973 5232  [ F63467ABCEFF98E960D5CC660B2146DF ] \Device\Harddisk0\DR0\Partition2

15:48:16.0978 5232  \Device\Harddisk0\DR0\Partition2 - ok

15:48:17.0039 5232  [ FA6707864A6ABB94C0458B46B84C3B9E ] \Device\Harddisk0\DR0\Partition3

15:48:17.0043 5232  \Device\Harddisk0\DR0\Partition3 - ok

15:48:17.0044 5232  ============================================================

15:48:17.0044 5232  Scan finished

15:48:17.0044 5232  ============================================================

15:48:17.0089 5084  Detected object count: 7

15:48:17.0089 5084  Actual detected object count: 7

15:49:59.0912 5084  C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe - copied to quarantine

15:49:59.0913 5084  AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0159 5084  C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe - copied to quarantine

15:50:00.0162 5084  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0290 5084  C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe - copied to quarantine

15:50:00.0291 5084  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0620 5084  C:\Program Files\pc essentials\updater.exe - copied to quarantine

15:50:00.0622 5084  pc essentials ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0658 5084  C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe - copied to quarantine

15:50:00.0659 5084  PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0700 5084  C:\Windows\system32\Drivers\PxHelp20.sys - copied to quarantine

15:50:00.0700 5084  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:00.0728 5084  C:\Program Files\Web Assistant\ExtensionUpdaterService.exe - copied to quarantine

15:50:00.0728 5084  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 

15:50:12.0463 3232  Deinitialize success

Zitat:

User select action: Quarantine

Och nööö :(
Hast du die Dinger jetzt entfernt oder nur in die Q kopieren lassen?!
Du solltest JEDEN Eintrag der von tdsskiller gefunden wird doch erstmal nur skippen! Anleitung nicht gelesen? :eek:

In die Q kopieren lassen.

Hauptsache du hast nichts entfernt

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 13-04-10.02 - Jonas 11.04.2013  16:42:15.1.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.429 [GMT 2:00]

ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe

AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Claro LTD\claro\1.8.8.5\bh\clARo.dll

c:\program files\Claro LTD\claro\1.8.8.5\clARotlbr.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll

c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll

c:\program files\Pegatron\Hotkey\FastUserSwitching.exe

c:\program files\PricePeep\prICepeep.dll

c:\program files\Web Assistant\ExTEnsion32.dll

c:\program files\Your Product\lua5.1.dll

c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkg_0ll.exe.lnk

c:\windows\IsUn0407.exe

c:\windows\NCLAUNCH.EXe

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ACPIService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-11 bis 2013-04-11  ))))))))))))))))))))))))))))))

.

.

2013-04-11 15:03 . 2013-04-11 15:07        --------        d-----w-        c:\users\Jonas\AppData\Local\temp

2013-04-11 15:03 . 2013-04-11 15:03        --------        d-----w-        c:\users\Jonas2\AppData\Local\temp

2013-04-11 15:03 . 2013-04-11 15:03        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2013-04-11 15:03 . 2013-04-11 15:03        --------        d-----w-        c:\users\Default\AppData\Local\temp

2013-04-11 14:45 . 2013-04-11 14:45        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F938EF8C-4E73-40C9-BC83-F2DB5D50D88E}\offreg.dll

2013-04-11 13:49 . 2013-04-11 13:49        --------        d-----w-        C:\TDSSKiller_Quarantine

2013-03-30 11:14 . 2013-03-30 11:14        163088        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10143.bin

2013-03-23 06:09 . 2013-03-23 06:09        --------        d-----w-        c:\users\Jonas\AppData\Local\Programs

2013-03-14 17:05 . 2013-02-08 00:45        6954968        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F938EF8C-4E73-40C9-BC83-F2DB5D50D88E}\mpengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-17 00:28 . 2009-12-18 12:28        232336        ------w-        c:\windows\system32\MpSigStub.exe

2013-01-12 02:30 . 2013-01-15 17:07        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2012-08-25 02:00 . 2012-08-30 12:43        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{60C07B56-542E-4054-A503-4E9E08DF2F84}]

2012-07-17 10:03        1816336        ----a-w-        c:\program files\Pagealicious\Pagealicious.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32        129272        ----a-w-        c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 150552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-25 8120864]

"fspuip"="c:\program files\FSP\fspuip.exe" [2009-09-23 3342336]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2012-10-17 840112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

WKCALREM.LNK - c:\program files\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^cs8v0k.exe.lnk]

path=c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk

backup=c:\windows\pss\cs8v0k.exe.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Jonas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hardcopy.LNK]

path=c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK

backup=c:\windows\pss\Hardcopy.LNK.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-11 19:00        919008        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-07-31 11:20        38872        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-08-27 20:32        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]

2012-03-17 08:20        1620824        ----a-w-        c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-07-19 15:56        136176        ----atw-        c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 22:30        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2012-12-10 16:29        2254768        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]

2007-11-21 05:18        37144        ----a-w-        c:\program files\Mindjet\MindManager 7\MmReminderService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]

2012-07-30 07:56        162408        ----a-w-        c:\program files\PDF24\pdf24.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]

2009-04-27 16:50        50472        ------w-        c:\program files\CyberLink\PowerDVD9\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-01-08 11:59        18705664        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R4 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [x]

R4 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]

R4 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]

R4 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]

R4 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]

R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R4 pc essentials;pc essentials;c:\program files\pc essentials\updater.exe [x]

R4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

R4 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]

S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]

S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]

S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]

S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]

S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [x]

S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [x]

S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [x]

S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [x]

S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]

S2 FileOpenManagerService;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerService32.exe [x]

S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - FileOpenWebPublisherScreenHookDriver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

BullGuard_Main        REG_MULTI_SZ           BsMain

BullGuard        REG_MULTI_SZ           BsFileScan BsMailProxy BsFire

BullGuard_LowPriv        REG_MULTI_SZ           BsBrowser

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000Core.job

- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:56]

.

2013-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000UA.job

- c:\users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 15:56]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

uInternet Settings,ProxyOverride = *.local

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube to MP3 Converter - c:\users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 192.168.2.1

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll

FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2ayl000g.default\

FF - prefs.js: browser.search.selectedEngine - Claro Search

FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vftSog1&&i=26&search=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-02-18 16:33; ffxtlbr@claro.com; c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\2ayl000g.default\extensions\ffxtlbr@claro.com

FF - user.js: extensions.claro.tlbrSrchUrl - 

FF - user.js: extensions.claro.id - 883b5e6d0000000000001c4bd6e4a32e

FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}

FF - user.js: extensions.claro.instlDay - 15754

FF - user.js: extensions.claro.vrsn - 1.8.8.5

FF - user.js: extensions.claro.vrsni - 1.8.8.5

FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.516:33

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - base

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro_i.excTlbr - false

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

FF - user.js: extensions.claro.autoRvrt - false

FF - user.js: extensions.claro.rvrt - false

FF - user.js: extensions.claro_i.newTab - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe

AddRemove-Borland JBuilder 2.0 - c:\windows\unin0407.exe

AddRemove-NetObjects Fusion 3.0.1 - c:\windows\IsUn0407.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,

   9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8

"{C424171E-592A-415A-9EB1-DFD6D95D3530}"=hex:51,66,7a,6c,4c,1d,38,12,70,14,37,

   c0,18,17,34,04,e1,a7,9c,96,dc,03,71,24

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,

   2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{BF42D4A8-016E-4FCD-B1EB-837659FD77C6}"=hex:51,66,7a,6c,4c,1d,38,12,c6,d7,51,

   bb,5c,4f,a3,0a,ce,fd,c0,36,5c,a3,33,d2

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,

   93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d6,ed,

   77,82,e9,0c,3c,9d,e9,17,af,ad,b0,e5,ab

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3784)

c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\taskhost.exe

c:\windows\system32\DllHost.exe

c:\program files\Hardcopy\hcdll2_ex_Win32.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\windows defender\MpCmdRun.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-04-11  17:30:36 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-04-11 15:30

.

Vor Suchlauf: 21 Verzeichnis(se), 137.982.566.400 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 137.866.432.512 Bytes frei

.

- - End Of File - - 04D43042B84F120839CE7462533C4F36

P.S. Alles Funktioniert wieder.

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.