
Pests of all kinds and how to fight them: Attention Required; Google, YouTube and many other websites are blocked

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

30.03.2013, 11:47   #1
gigamanzone
 



When I try to visit Google, YouTube or anything else, this message appears:

When I then press the button (see picture), these surveys come up. The only thing I was able to catch quickly was that the bar that says "Waiting for www.google.de" also said "Waiting for www.fileice.net". Could you please help me?

30.03.2013, 16:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Has your virus scanner ever raised an alert? Malwarebytes and/or other virus scanners?
I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).

07.04.2013, 08:07   #3
gigamanzone
 



I ran the virus scanner once much earlier and deleted this:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]

03.06.2012 18:45:14
mbam-log-2012-06-03 (18-45-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191807
Laufzeit: 1 Stunde(n), 28 Minute(n), 38 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Jonas\AppData\Local\Temp\cs8v0k.exe (Trojan.Winlock.AI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I don't know whether this helps, but I urgently need help.

07.04.2013, 21:24   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I'm well aware that everyone here wants help urgently.
Is that all the detections, or are there more?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


08.04.2013, 12:58   #5
gigamanzone
 



No, nothing else.


08.04.2013, 13:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator)
  • Tick the box Scanne alle Benutzer (Scan All Users) at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

09.04.2013, 16:40   #7
gigamanzone
 



OTL.txt:
Code:
OTL logfile created on: 08.04.2013 19:12:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 449,75 Mb Available Physical Memory | 44,34% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 129,47 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,69 Gb Free Space | 68,95% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\FileOpen\Services\FileOpenManagerService32.exe (FileOpen Systems Inc.)
PRC - C:\Programme\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Pegatron\Hotkey\PHControl.exe (Pegatron)
PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Pegatron\Hotkey\WLANV.dll ()
MOD - C:\Programme\Pegatron\Hotkey\TPS.dll ()
MOD - C:\Programme\FSP\KbdHook.dll ()
MOD - C:\Programme\FSP\FspLib.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Pegatron\Hotkey\TPF.dll ()
MOD - C:\Programme\Pegatron\Hotkey\HKBD.dll ()
MOD - C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll ()
MOD - C:\Programme\Pegatron\Hotkey\LCSwit.dll ()
MOD - C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
MOD - C:\Programme\Pegatron\Hotkey\FspLib.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (WebOptimizer) -- C:\Windows\system32\dmwu.exe File not found
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FileOpenManagerService) -- C:\Programme\FileOpen\Services\FileOpenManagerService32.exe (FileOpen Systems Inc.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (pc essentials) -- C:\Programme\pc essentials\updater.exe ()
SRV - (BsUpdate) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BsMain) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsBrowser) -- C:\Programme\BullGuard Ltd\BullGuard\BsBrowser.dll (BullGuard Ltd.)
SRV - (BgRaSvc) -- C:\Programme\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)
SRV - (BsFire) -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsMailProxy) -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (afwcore) -- C:\Windows\System32\drivers\AfwCore.sys (Agnitum Ltd.)
DRV - (AFW) -- C:\Windows\System32\drivers\Afw.sys (Agnitum Ltd.)
DRV - (NovaShieldFilterDriver) -- C:\Windows\System32\drivers\NSKernel.sys (NovaShield, Inc.)
DRV - (NovaShieldTDIDriver) -- C:\Windows\System32\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ACPIService) -- C:\Windows\System32\drivers\ATKACPI.SYS ()
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e
IE - HKCU\..\SearchScopes\{5F3A1B1D-B5C5-4577-9736-AD27A377C04E}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_deDE475
IE - HKCU\..\SearchScopes\{7A98FD23-0238-482A-8127-644B44A7B465}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{ACBB78F7-FB64-4836-9A68-C5EED485C4FA}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{CF405816-FE96-4902-B4B3-0FAE591E3034}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vftSog1&i=26
IE - HKCU\..\SearchScopes\{E285E30D-1BA8-44F3-8BBC-FF78B6B07AA3}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.2.1
FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.5
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.7
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledAddons: crossriderapp21058@crossrider.com:0.87.11
FF - prefs.js..extensions.enabledAddons: pricepeep@getpricepeep.com:2.1.0.22
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8vftSog1&&i=26&search="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Users\Jonas\AppData\Local\mpDRM\Binaries\NPMPDRM.dll ( )
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Jonas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2012.03.17 14:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.03 13:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\pagealicious@pagealicious.com: C:\Program Files\Pagealicious\Pagealicious.xpi [2013.02.18 17:36:14 | 000,036,694 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 14:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.18 17:33:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012.03.01 18:20:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012.03.17 14:05:22 | 000,000,000 | ---D | M]
 
[2011.07.22 19:17:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2013.02.18 17:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions
[2012.10.18 10:19:43 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.11.04 11:34:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.01 11:54:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2013.02.18 17:34:34 | 000,000,000 | ---D | M] ("Savings Explorer") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\crossriderapp21058@crossrider.com
[2012.02.03 18:26:13 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\ffxtlbr@babylon.com
[2013.02.18 17:33:31 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\ffxtlbr@claro.com
[2013.02.18 17:35:30 | 000,000,000 | ---D | M] (Pagealicious) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\Pagealicious
[2013.02.18 17:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\2ayl000g.default\extensions\crossriderapp21058@crossrider.com\chrome\content\extensionCode
[2013.02.04 22:35:36 | 000,053,941 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\pricepeep@getpricepeep.com.xpi
[2012.08.30 14:43:39 | 000,526,409 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\toolbar@web.de.xpi
[2012.08.28 14:36:14 | 000,318,530 | ---- | M] () (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2012.08.30 14:45:36 | 000,000,853 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\11-suche.xml
[2013.02.18 17:33:36 | 000,001,300 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\claro.xml
[2012.08.30 14:45:36 | 000,002,209 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\englische-ergebnisse.xml
[2012.08.30 14:45:36 | 000,010,506 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\gmx-suche.xml
[2012.08.30 14:45:36 | 000,002,368 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\lastminute.xml
[2012.06.07 08:09:26 | 000,002,203 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\MyStart Search.xml
[2012.08.30 14:45:35 | 000,005,489 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\mozilla\firefox\profiles\2ayl000g.default\searchplugins\webde-suche.xml
[2012.10.25 15:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.25 15:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.25 15:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.18 17:33:16 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=883b5e6d0000000000001c4bd6e4a32e
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jonas\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jonas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: GeoGebra = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee\4.2.0.0_0\
CHR - Extension: CT Sobrio = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cogcpnmcioajbgpnmaeibpnjbepkbhec\1_0\
CHR - Extension: Angry Birds Space Unlocked = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdcmhjnadmfnaiaaeloheclgidakomnn\2.3.1_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
 
O1 HOSTS File: ([2013.02.20 17:08:58 | 000,010,201 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 198.167.139.182 google.com
O1 - Hosts: 198.167.139.182 www.google.ae
O1 - Hosts: 198.167.139.182 www.google.com.af
O1 - Hosts: 198.167.139.182 www.google.com.ag
O1 - Hosts: 198.167.139.182 www.google.off.ai
O1 - Hosts: 198.167.139.182 www.google.am
O1 - Hosts: 198.167.139.182 www.google.com.ar
O1 - Hosts: 198.167.139.182 www.google.as
O1 - Hosts: 198.167.139.182 www.google.at
O1 - Hosts: 198.167.139.182 www.google.com.au
O1 - Hosts: 198.167.139.182 www.google.az
O1 - Hosts: 198.167.139.182 www.google.ba
O1 - Hosts: 198.167.139.182 www.google.com.bd
O1 - Hosts: 198.167.139.182 www.google.be
O1 - Hosts: 198.167.139.182 www.google.bg
O1 - Hosts: 198.167.139.182 www.google.com.bh
O1 - Hosts: 198.167.139.182 www.google.bi
O1 - Hosts: 198.167.139.182 www.google.com.bo
O1 - Hosts: 198.167.139.182 www.google.com.br
O1 - Hosts: 198.167.139.182 www.google.bs
O1 - Hosts: 198.167.139.182 www.google.co.bw
O1 - Hosts: 198.167.139.182 www.google.com.bz
O1 - Hosts: 198.167.139.182 www.google.ca
O1 - Hosts: 198.167.139.182 www.google.cd
O1 - Hosts: 198.167.139.182 www.google.cg
O1 - Hosts: 313 more lines...
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Pagealicious) - {60C07B56-542E-4054-A503-4E9E08DF2F84} - C:\Programme\Pagealicious\Pagealicious.dll (TODO: <Company name>)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Programme\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [FileOpenBroker] C:\Programme\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [fspuip] c:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pkg_0ll.exe.lnk =  File not found
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jonas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24BC267C-80AB-44F3-96CC-B5B660E05A41}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D372648-D01A-4949-8ABB-5FF287D19DB7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.23 08:09:29 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\Programs
[2013.03.20 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\magical8bitPlug_for_win
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 19:44:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000UA.job
[2013.04.08 19:39:49 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 19:24:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3102065283-3266553345-849421369-1000Core.job
[2013.04.07 09:04:22 | 000,002,330 | ---- | M] () -- C:\Users\Jonas\Desktop\Google Chrome.lnk
[2013.03.31 21:06:06 | 000,010,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 21:06:06 | 000,010,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 14:14:05 | 000,001,015 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.30 14:13:25 | 000,000,983 | ---- | M] () -- C:\Users\Jonas\Desktop\Dropbox.lnk
[2013.03.30 14:10:05 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2013.03.30 14:09:17 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.30 13:39:55 | 000,274,431 | ---- | M] () -- C:\Users\Jonas\Desktop\Virus.jpg
[2013.03.23 08:09:52 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.30 13:39:55 | 000,274,431 | ---- | C] () -- C:\Users\Jonas\Desktop\Virus.jpg
[2013.03.23 08:09:52 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.05 19:19:52 | 000,001,451 | ---- | C] () -- C:\Users\Jonas\AppData\Local\recently-used.xbel
[2012.11.19 09:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2012.11.19 09:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2012.06.07 08:14:54 | 000,001,206 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.Producer.ini
[2012.06.07 08:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.Producer.Data.ini
[2012.06.07 08:14:00 | 000,004,416 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamStudio.cfg
[2012.06.07 08:14:00 | 000,000,408 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamShapes.ini
[2012.06.07 08:14:00 | 000,000,408 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\CamLayout.ini
[2012.06.07 08:14:00 | 000,000,096 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\Camdata.ini
[2011.09.11 18:40:05 | 000,000,180 | ---- | C] () -- C:\Windows\_delis43.ini
[2011.09.11 18:01:53 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2011.07.25 14:19:31 | 000,000,680 | RHS- | C] () -- C:\Users\Jonas\ntuser.pol
[2011.07.11 19:12:31 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe
[2011.07.09 14:12:58 | 000,000,075 | ---- | C] () -- C:\Windows\TassWin.INI
[2011.07.09 13:55:21 | 000,149,504 | R--- | C] () -- C:\Windows\System32\CETNUASM.DLL
[2011.01.18 17:54:52 | 000,005,120 | ---- | C] () -- C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 18:53:26 | 000,001,092 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\wklnhst.dat
[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:7D6EC5BE
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:B1FBBD09

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 08.04.2013 19:12:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonas\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 449,75 Mb Available Physical Memory | 44,34% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 129,47 Gb Free Space | 64,16% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,69 Gb Free Space | 68,95% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F4FF172-B855-4E96-9CD9-1F0D3AD19E4B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{C465D422-A97A-441B-A4FB-75CD505ADA5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D29967A3-00B0-492A-B942-4419287820B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000E0A1A-B8B5-44B3-8370-6DA8563226B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2AF8EA48-7105-4B5E-BAF7-00546BBBE436}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{325909D8-5C33-4F7D-8D01-569DB4A6F565}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{34247A01-3C06-4CEF-B8F4-DBC0539CB96F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{35F2F544-C2ED-436A-BA20-56C6C566DB30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3C98DE40-5D53-4DC7-940D-421DDA0A99CA}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3DE11477-FD36-4F37-A419-7FD353EE6CDC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{51394D7C-1251-46E6-A195-F492F54BAD6E}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{647EE00C-681D-43AD-BA48-BC63DFCBCD23}" = protocol=17 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{68560169-E59F-4608-9901-837017DD3C34}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{790A5BE2-9B43-4AE7-988B-0AD0A7B7FB6E}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{7B255AA4-32E5-4B3C-B55F-7C2256994904}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7D472E7F-807B-4629-AEA2-99FF174F72AD}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{82ED29F6-1415-4A41-8278-6CA2ED3B63CB}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{836B6F3B-7D2B-45BF-9855-4A9169A6A39F}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{90DCCFFF-1D8A-4C43-B7D7-84FEDEEBFB61}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A6CC47F8-90B9-4E00-8898-AC87850956FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9562208-6BE0-435D-A775-7A0D65295D80}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{C20150C8-2923-4D8E-9F39-0783E23416BC}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{C2E587F4-1302-402C-83E0-A7AD6B48B54E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D9EBD722-95DD-4A9C-A9AB-3FD5C2A6B9CF}" = protocol=6 | dir=in | app=c:\users\jonas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F7BA547E-191A-44BF-A11B-46481F0631BB}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{FD2A3CCE-7718-45F3-8E68-1CD978D33D62}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{043CAA8A-9943-4E6A-BB1B-86FD229FB4CC}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{3B935FFA-E24C-41AB-8966-0837186FD051}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{434A8A98-C86A-4763-9B3B-E4116DF0E1F8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{4A094AA9-F125-4EF8-A1B7-9BEFE46FA554}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{8715BB9D-133E-4476-A255-57FCCBC087F1}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | 
"TCP Query User{9701844B-8AA0-44B7-AC5F-5E02113B1642}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{A8E13F43-1D69-4FA8-9169-7786D2F511D8}C:\udk\udk-2009-11-2\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2009-11-2\binaries\win32\udk.exe | 
"TCP Query User{AE671140-BD8B-4998-8E6A-6B38A4472BB7}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{D82F4D2B-34E4-4EF8-967B-AD5CDB635C1E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{DDB883BC-FB40-436F-91DE-29F20A7A0047}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1B35C50C-DDDD-47C4-B81D-FA79DA08BCFB}C:\udk\udk-2009-11-2\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2009-11-2\binaries\win32\udk.exe | 
"UDP Query User{55CAFEEF-B74C-491C-8AF9-863B8B469CE1}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{874DDC5E-7656-4789-A4C6-42374E05F4B0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{8C55A407-0EFA-4313-96E8-15666C2FF9B0}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{A63772CD-CB37-4D86-BF77-B446D2942DE7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{CFEC05A1-0826-4750-BC9B-BBB1101499F3}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | 
"UDP Query User{DBF7A7E0-025F-48D9-9BF2-0C710A90C78B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{E5A8469D-46C9-44C1-8847-F79AEFC02815}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{EC38BEA6-A6B0-41A1-B582-5429F5588A3A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EFD9EDC8-3321-409A-B80B-607058340908}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21B64483-4848-11DB-AB11-000374890932}" = Homepage Maker 5
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31D47283-7B4C-46C1-BC62-99CFD66CDD66}" = MAGIX Speed burnR (MSI)
"{32A3A4F4-B792-11D6-A78A-00B0D0160350}" = Java(TM) SE Development Kit 6 Update 35
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3791BEF3-C86F-448F-B48A-A83F1B2B1886}" = MAGIX Screenshare
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A627DFB-EA4C-4FFA-B711-69E849FB40D8}" = Hotkey
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69B77D45-F5AD-4AB9-933D-352703324469}_is1" = RAR Password Unlocker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7223945A-F037-4AE1-92F9-BA8304F0E21A}" = TubeBox!
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC184566-C420-4995-934B-97BE1A7DEC06}" = FileOpen Client
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E30FF7-5EAE-4E0E-B394-78214222D60C}" = Windows Internet Explorer Platform Preview
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F369DA4F-7993-4E8D-ADBD-60D82FCF93EC}" = MAGIX Music Maker 17
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"{FFBE334E-06EF-44B5-8CF7-129F7F9526A2}" = Mindjet MindManager Lite 7
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"97CEB8209F0BC014131F0864966F5B9C9345570E" = Windows Driver Package - Broadcom Bluetooth  (05/27/2009 6.1.7100.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Alfons Lernwelt" = Alfons Lernwelt
"BabylonToolbar" = Babylon toolbar on IE
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Blender" = Blender
"Borland JBuilder 2.0" = Borland JBuilder 2.0
"BullGuard" = BullGuard
"capella_1200 5.2" = capella 1200 Version 5.2
"capella2002-v4.0" = capella 1200, Version 4.0
"CCleaner" = CCleaner
"claro" = Claro toolbar  
"FileZilla Client" = FileZilla Client 3.2.7.1
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Gamestudio A8" = Gamestudio A8
"Genesis3D11Key" = Genesis3D11
"GIMP-2_is1" = GIMP 2.8.0
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"incredibar" = Incredibar Toolbar  on IE and Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InterActual Player" = InterActual Player
"LeechFTP" = LeechFTP AL PLAYE
"LogMeIn Hamachi" = LogMeIn Hamachi
"logoscreensaver" = logoscreensaver Screen Saver
"MAGIX_MSI_mm17" = MAGIX Music Maker 17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Minecraft Texturepack Editor" = Minecraft Texturepack Editor
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetObjects Fusion 3.0.1" = NetObjects Fusion 3.0.1
"New LEGO Digital Designer" = LEGO Digital Designer
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"Pagealicious" = Pagealicious
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoScape" = PhotoScape
"PriceGong" = PriceGong 2.6.7
"PricePeep" = PricePeep
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"Savings Explorer" = Savings Explorer
"UDK-f9f58a61-e443-4469-a6b7-8cf436caa0e6" = Unreal Development Kit: 2009-11-2
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"Wissen macht Ah! - Bildschirmschoner" = Wissen macht Ah! - Bildschirmschoner Bildschirmschoner
"Your Product1.0" = Your Product
"ZetaProducer10" = Zeta Producer 10 10.7.0 (nur entfernen)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4227
 
Error - 22.09.2012 09:41:59 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4227
 
Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5241
 
Error - 22.09.2012 09:42:00 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5241
 
Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6240
 
Error - 22.09.2012 09:42:01 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6240
 
Error - 22.09.2012 09:42:02 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 30.03.2013 07:13:51 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 30.03.2013 08:09:38 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WebOptimizer" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.03.2013 08:09:47 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 30.03.2013 13:05:29 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wlidsvc erreicht.
 
Error - 31.03.2013 04:16:03 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 31.03.2013 09:02:49 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst PlugPlay erreicht.
 
Error - 07.04.2013 10:06:45 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst PlugPlay erreicht.
 
Error - 08.04.2013 08:15:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WinDefend erreicht.
 
Error - 08.04.2013 08:56:32 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 08.04.2013 13:11:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
         

09.04.2013, 16:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after start-up:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

09.04.2013, 18:59   #9
gigamanzone

mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16438
Jonas :: JONAS-PC [administrator]

09.04.2013 19:34:42
mbar-log-2013-04-09 (19-34-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31177
Time elapsed: 22 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
GMER:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-09 19:02:17
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-00A23T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jonas\AppData\Local\Temp\fwdoypow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                       81C7CA49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         81CB64D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?      System32\drivers\oukmlnes.sys                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.vmp2  C:\Windows\system32\drivers\acedrv11.sys                                                                                       entry point in ".vmp2" section [0xA88D069D]

---- User code sections - GMER 2.1 ----

.text  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[332] USER32.dll!DialogBoxParamW               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\wininit.exe[500] USER32.dll!DialogBoxParamW                                                                773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\taskhost.exe[548] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\services.exe[556] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\winlogon.exe[592] USER32.dll!DialogBoxParamW                                                               773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  ...                                                                                                                            

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a147f0                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a147fa                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6006445                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd612c05d                                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd612c05d@001060d10359                                       0x38 0x50 0x3E 0xB9 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@LeaseObtainedTime    1365523262
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@T1                   1365523389
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@T2                   1365523485
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6A754A24-241A-4705-9362-E5ADA199D175}@LeaseTerminatesTime  1365523517
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a147f0 (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a147fa (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6006445 (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd612c05d (not active ControlSet)                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd612c05d@001060d10359                                           0x38 0x50 0x3E 0xB9 ...

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
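
The user-mode rows of the GMER log above all show the same 5-byte JMP patch on USER32.dll!DialogBoxParamW. As an added example (not part of the thread and not GMER's own code), the following Python script parses such rows and groups the hooks by the module they jump into, which makes a DLL loaded into many processes stand out. The row layout is inferred from the lines posted above, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Rows taken from the GMER log in this thread (column padding shortened).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D    81C7CA49 1 Byte  [06]

---- User code sections - GMER 2.1 ----

.text  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[332] USER32.dll!DialogBoxParamW    773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\wininit.exe[500] USER32.dll!DialogBoxParamW    773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\taskhost.exe[548] USER32.dll!DialogBoxParamW    773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\services.exe[556] USER32.dll!DialogBoxParamW    773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  C:\Windows\system32\winlogon.exe[592] USER32.dll!DialogBoxParamW    773B3B9B 5 Bytes  JMP 756346C0 c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
.text  ...

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a147f0

---- EOF - GMER 2.1 ----
"""

# "---- <section name> - GMER <version> ----"
SECTION = re.compile(r"^---- (?P<name>.+?) - GMER \S+ ----\s*$")

# ".text  <process path>[<pid>] <module>!<function>  <address> <n> Bytes  JMP <target> <target module>"
HOOK = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<target_module>\S.*?))?\s*$"
)


def parse_user_hooks(log_text):
    """Return one dict per JMP hook listed under 'User code sections'."""
    hooks, in_user_section = [], False
    for line in log_text.splitlines():
        section = SECTION.match(line)
        if section:
            in_user_section = section.group("name") == "User code sections"
            continue
        if not in_user_section:
            continue
        m = HOOK.match(line)
        if m:  # elided rows such as ".text  ..." do not match and are skipped
            hooks.append({
                "process": m.group("process"),
                "pid": int(m.group("pid")),
                "api": m.group("module") + "!" + m.group("function"),
                "size": int(m.group("size")),
                "target_module": m.group("target_module"),
            })
    return hooks


def group_by_target(hooks, windows_dir=r"c:\windows"):
    """Group hooks by the module the JMP lands in (case-insensitive path)."""
    groups = defaultdict(lambda: {"apis": set(), "pids": []})
    for h in hooks:
        key = (h["target_module"] or "<unknown module>").lower()
        groups[key]["apis"].add(h["api"])
        groups[key]["pids"].append(h["pid"])
    report = {}
    for target, g in groups.items():
        known = target != "<unknown module>"
        report[target] = {
            "apis": sorted(g["apis"]),
            "pids": sorted(g["pids"]),
            # None when GMER could not name the module the jump lands in
            "outside_windows_dir": (
                not target.startswith(windows_dir.lower() + "\\") if known else None
            ),
        }
    return report


if __name__ == "__main__":
    for target, info in group_by_target(parse_user_hooks(SAMPLE_LOG)).items():
        print(target)
        print("  hooked APIs :", ", ".join(info["apis"]))
        print("  process IDs :", info["pids"])
        print("  outside the Windows directory:", info["outside_windows_dir"])
```
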
         

09.04.2013, 22:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

10.04.2013, 13:45   #11
gigamanzone

aswmbr:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-10 13:45:42
-----------------------------
13:45:42.551    OS Version: Windows 6.1.7601 Service Pack 1
13:45:42.552    Number of processors: 2 586 0x1C0A
13:45:42.554    ComputerName: JONAS-PC  UserName: Jonas
13:45:43.812    Initialize success
13:48:43.885    AVAST engine defs: 13040901
13:49:07.320    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:49:07.326    Disk 0 Vendor: WDC_WD2500BEVT-00A23T0 01.01A01 Size: 238475MB BusType: 3
13:49:07.654    Disk 0 MBR read successfully
13:49:07.661    Disk 0 MBR scan
13:49:07.772    Disk 0 unknown MBR code
13:49:07.801    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:49:07.835    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       206627 MB offset 206848
13:49:07.879    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 423378944
13:49:07.968    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 486293504
13:49:07.989    Disk 0 scanning sectors +488394752
13:49:08.330    Disk 0 scanning C:\Windows\system32\drivers
13:49:47.734    Service scanning
13:50:50.368    Modules scanning
13:51:35.498    Disk 0 trace - called modules:
13:51:35.514    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
13:51:35.515    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84529030]
13:51:35.515    3 CLASSPNP.SYS[867cc59e] -> nt!IofCallDriver -> [0x84063898]
13:51:35.515    5 ACPI.sys[864d73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84455030]
13:51:36.440    AVAST engine scan C:\Windows
13:51:45.152    AVAST engine scan C:\Windows\system32
13:59:13.098    AVAST engine scan C:\Windows\system32\drivers
13:59:35.776    AVAST engine scan C:\Users\Jonas
14:17:09.305    File: C:\Users\Jonas\Downloads\MC\MPAC.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:17:09.648    File: C:\Users\Jonas\Downloads\MCP\MPAC.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:19:24.759    AVAST engine scan C:\ProgramData
14:21:36.335    Scan finished successfully
14:31:42.234    Disk 0 MBR has been saved successfully to "C:\Users\Jonas\Desktop\MBR.dat"
14:31:42.276    The log file has been saved successfully to "C:\Users\Jonas\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
14:37:42.0670 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:37:43.0745 4192  ============================================================
14:37:43.0746 4192  Current date / time: 2013/04/10 14:37:43.0745
14:37:43.0746 4192  SystemInfo:
14:37:43.0746 4192  
14:37:43.0746 4192  OS Version: 6.1.7601 ServicePack: 1.0
14:37:43.0746 4192  Product type: Workstation
14:37:43.0747 4192  ComputerName: JONAS-PC
14:37:43.0747 4192  UserName: Jonas
14:37:43.0747 4192  Windows directory: C:\Windows
14:37:43.0747 4192  System windows directory: C:\Windows
14:37:43.0747 4192  Processor architecture: Intel x86
14:37:43.0747 4192  Number of processors: 2
14:37:43.0747 4192  Page size: 0x1000
14:37:43.0747 4192  Boot type: Normal boot
14:37:43.0747 4192  ============================================================
14:37:46.0101 4192  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:37:46.0114 4192  ============================================================
14:37:46.0114 4192  \Device\Harddisk0\DR0:
14:37:46.0114 4192  MBR partitions:
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000
14:37:46.0114 4192  ============================================================
14:37:46.0151 4192  C: <-> \Device\Harddisk0\DR0\Partition2
14:37:46.0214 4192  D: <-> \Device\Harddisk0\DR0\Partition3
14:37:46.0275 4192  ============================================================
14:37:46.0276 4192  Initialize success
14:37:46.0276 4192  ============================================================
14:38:56.0482 4052  Deinitialize success
         

Last edited by gigamanzone (10.04.2013 at 14:31)

10.04.2013, 14:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Users\Jonas\Downloads\MC\MPAC.exe
What is that supposed to be, where did you get it from?

And the log from tdsskiller is incomplete

10.04.2013, 14:57   #13
gigamanzone

My friend sent me that by e-mail and said it was a texture pack editor for Minecraft. But he sent me an infected file, and that is how I got it. And the log file:
Code:
14:37:42.0670 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:37:43.0745 4192  ============================================================
14:37:43.0746 4192  Current date / time: 2013/04/10 14:37:43.0745
14:37:43.0746 4192  SystemInfo:
14:37:43.0746 4192  
14:37:43.0746 4192  OS Version: 6.1.7601 ServicePack: 1.0
14:37:43.0746 4192  Product type: Workstation
14:37:43.0747 4192  ComputerName: JONAS-PC
14:37:43.0747 4192  UserName: Jonas
14:37:43.0747 4192  Windows directory: C:\Windows
14:37:43.0747 4192  System windows directory: C:\Windows
14:37:43.0747 4192  Processor architecture: Intel x86
14:37:43.0747 4192  Number of processors: 2
14:37:43.0747 4192  Page size: 0x1000
14:37:43.0747 4192  Boot type: Normal boot
14:37:43.0747 4192  ============================================================
14:37:46.0101 4192  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:37:46.0114 4192  ============================================================
14:37:46.0114 4192  \Device\Harddisk0\DR0:
14:37:46.0114 4192  MBR partitions:
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000
14:37:46.0114 4192  ============================================================
14:37:46.0151 4192  C: <-> \Device\Harddisk0\DR0\Partition2
14:37:46.0214 4192  D: <-> \Device\Harddisk0\DR0\Partition3
14:37:46.0275 4192  ============================================================
14:37:46.0276 4192  Initialize success
14:37:46.0276 4192  ============================================================
14:38:56.0482 4052  Deinitialize success
         

10.04.2013, 15:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

tdsskiller log is still incomplete. A whole chunk of information is missing; you probably ran it incorrectly
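
The TDSSKiller log posted twice above goes from "Initialize success" straight to "Deinitialize success" and never reaches a "Scan started" line. As an added example (not part of the thread and not the tool's own code), this Python script reads a log in that layout and reports whether a scan actually ran, which phases it reached and which objects were not marked "ok". The line layout and marker strings are taken from the logs in this thread; the function and field names are made up for this example.

```python
import re

# Shortened copy of the log posted in #11 and #13: no "Scan started" line.
INCOMPLETE_LOG = r"""
14:37:42.0670 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:37:46.0114 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:37:46.0276 4192  Initialize success
14:37:46.0276 4192  ============================================================
14:38:56.0482 4052  Deinitialize success
"""

# Shortened copy of the beginning of the log posted in #15: the scan is running.
SCANNING_LOG = r"""
14:40:41.0570 3728  Initialize success
14:40:41.0570 3728  ============================================================
14:40:43.0523 1912  ============================================================
14:40:43.0524 1912  Scan started
14:40:43.0524 1912  Mode: Manual;
14:40:43.0524 1912  ============================================================
14:40:46.0233 1912  ================ Scan system memory ========================
14:40:46.0233 1912  System memory - ok
14:40:46.0235 1912  ================ Scan services =============================
14:40:46.0470 1912  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:40:46.0475 1912  1394ohci - ok
14:40:46.0553 1912  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
14:40:46.0559 1912  acedrv11 - ok
"""

# "<HH:MM:SS.ffff> <thread id>  <message>"; the message may be empty.
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)(?:\s+(?P<msg>.*\S))?\s*$"
)
# "================ Scan <phase> ================"
PHASE = re.compile(r"^=+ Scan (?P<phase>.+?) =+$")
# "<object> - <verdict>", e.g. "1394ohci - ok"
VERDICT = re.compile(r"^(?P<obj>.+) - (?P<verdict>\S.*)$")


def analyse_tdsskiller_log(log_text):
    """Summarise how far a TDSSKiller run got, judged by its log lines."""
    result = {"initialized": False, "scan_started": False,
              "phases": [], "checked": 0, "not_ok": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group("msg") is None:
            continue
        msg = m.group("msg")
        phase = PHASE.match(msg)
        verdict = VERDICT.match(msg)
        if msg == "Initialize success":
            result["initialized"] = True
        elif msg == "Scan started":
            result["scan_started"] = True
        elif phase:
            result["phases"].append(phase.group("phase"))
        elif result["phases"] and verdict and not msg.startswith("["):
            # Verdict lines only count once a scan phase has begun; the
            # "[ hash ] name path" lines before them are skipped.
            result["checked"] += 1
            if verdict.group("verdict") != "ok":
                result["not_ok"].append(
                    (verdict.group("obj"), verdict.group("verdict"))
                )
    # A log is worth reviewing only if the scan started and reached a phase.
    result["reviewable"] = result["scan_started"] and bool(result["phases"])
    return result


if __name__ == "__main__":
    for name, text in (("incomplete", INCOMPLETE_LOG), ("scanning", SCANNING_LOG)):
        print(name, analyse_tdsskiller_log(text))
```
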

10.04.2013, 15:48   #15
gigamanzone

Code:
14:40:39.0725 3728  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:40:40.0051 3728  ============================================================
14:40:40.0051 3728  Current date / time: 2013/04/10 14:40:40.0051
14:40:40.0051 3728  SystemInfo:
14:40:40.0051 3728  
14:40:40.0051 3728  OS Version: 6.1.7601 ServicePack: 1.0
14:40:40.0051 3728  Product type: Workstation
14:40:40.0052 3728  ComputerName: JONAS-PC
14:40:40.0052 3728  UserName: Jonas
14:40:40.0052 3728  Windows directory: C:\Windows
14:40:40.0052 3728  System windows directory: C:\Windows
14:40:40.0052 3728  Processor architecture: Intel x86
14:40:40.0052 3728  Number of processors: 2
14:40:40.0052 3728  Page size: 0x1000
14:40:40.0052 3728  Boot type: Normal boot
14:40:40.0052 3728  ============================================================
14:40:41.0490 3728  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:40:41.0496 3728  ============================================================
14:40:41.0496 3728  \Device\Harddisk0\DR0:
14:40:41.0496 3728  MBR partitions:
14:40:41.0496 3728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:40:41.0496 3728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800
14:40:41.0497 3728  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000
14:40:41.0497 3728  ============================================================
14:40:41.0518 3728  C: <-> \Device\Harddisk0\DR0\Partition2
14:40:41.0570 3728  D: <-> \Device\Harddisk0\DR0\Partition3
14:40:41.0570 3728  ============================================================
14:40:41.0570 3728  Initialize success
14:40:41.0570 3728  ============================================================
14:40:43.0523 1912  ============================================================
14:40:43.0524 1912  Scan started
14:40:43.0524 1912  Mode: Manual; 
14:40:43.0524 1912  ============================================================
14:40:46.0233 1912  ================ Scan system memory ========================
14:40:46.0233 1912  System memory - ok
14:40:46.0235 1912  ================ Scan services =============================
14:40:46.0470 1912  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:40:46.0475 1912  1394ohci - ok
14:40:46.0553 1912  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
14:40:46.0559 1912  acedrv11 - ok
14:40:46.0637 1912  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:40:46.0645 1912  ACPI - ok
14:40:46.0706 1912  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:40:46.0709 1912  AcpiPmi - ok
14:40:46.0770 1912  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\DRIVERS\ATKACPI.SYS
14:40:46.0773 1912  ACPIService - ok
14:40:46.0927 1912  [ 0F6D872FD048D437DCBF5C1A80194886 ] AdobeActiveFileMonitor C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
14:40:46.0931 1912  AdobeActiveFileMonitor - ok
14:40:46.0994 1912  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:40:47.0003 1912  adp94xx - ok
14:40:47.0090 1912  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:40:47.0099 1912  adpahci - ok
14:40:47.0152 1912  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:40:47.0158 1912  adpu320 - ok
14:40:47.0214 1912  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:40:47.0217 1912  AeLookupSvc - ok
14:40:47.0284 1912  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
14:40:47.0292 1912  AFD - ok
14:40:47.0341 1912  [ 5C4125D2AF6DDBB6422CE5F6E9BE7098 ] AFW             C:\Windows\system32\DRIVERS\afw.sys
14:40:47.0344 1912  AFW - ok
14:40:47.0383 1912  [ C223C5327FF06330B0251F1830FEE1AF ] afwcore         C:\Windows\system32\DRIVERS\afwcore.sys
14:40:47.0391 1912  afwcore - ok
14:40:47.0436 1912  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:40:47.0440 1912  agp440 - ok
14:40:47.0487 1912  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:40:47.0491 1912  aic78xx - ok
14:40:47.0540 1912  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
14:40:47.0544 1912  ALG - ok
14:40:47.0579 1912  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:40:47.0582 1912  aliide - ok
14:40:47.0624 1912  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:40:47.0628 1912  amdagp - ok
14:40:47.0658 1912  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:40:47.0661 1912  amdide - ok
14:40:47.0718 1912  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:40:47.0722 1912  AmdK8 - ok
14:40:47.0744 1912  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:40:47.0747 1912  AmdPPM - ok
14:40:47.0808 1912  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:40:47.0812 1912  amdsata - ok
14:40:47.0861 1912  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:40:47.0867 1912  amdsbs - ok
14:40:47.0897 1912  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:40:47.0901 1912  amdxata - ok
14:40:47.0956 1912  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
14:40:47.0960 1912  AppID - ok
14:40:48.0024 1912  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:40:48.0027 1912  AppIDSvc - ok
14:40:48.0071 1912  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
14:40:48.0074 1912  Appinfo - ok
14:40:48.0190 1912  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:40:48.0198 1912  Apple Mobile Device - ok
14:40:48.0250 1912  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:40:48.0254 1912  arc - ok
14:40:48.0277 1912  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:40:48.0281 1912  arcsas - ok
14:40:48.0461 1912  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:40:48.0501 1912  aspnet_state - ok
14:40:48.0561 1912  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:40:48.0564 1912  AsyncMac - ok
14:40:48.0605 1912  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
14:40:48.0606 1912  atapi - ok
14:40:48.0672 1912  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:40:48.0683 1912  AudioEndpointBuilder - ok
14:40:48.0717 1912  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:40:48.0724 1912  Audiosrv - ok
14:40:48.0762 1912  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:40:48.0766 1912  AxInstSV - ok
14:40:48.0818 1912  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:40:48.0828 1912  b06bdrv - ok
14:40:48.0892 1912  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:40:48.0899 1912  b57nd60x - ok
14:40:48.0963 1912  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:40:48.0977 1912  BDESVC - ok
14:40:49.0021 1912  [ FE7D7035833981F5B4EE746805E9C30E ] BdSpy           C:\Windows\system32\DRIVERS\BdSpy.sys
14:40:49.0024 1912  BdSpy - ok
14:40:49.0043 1912  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:40:49.0045 1912  Beep - ok
14:40:49.0111 1912  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
14:40:49.0123 1912  BFE - ok
14:40:49.0239 1912  [ C4F6B64F61934523E2DAD838D4B23B12 ] BgRaSvc         C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
14:40:49.0253 1912  BgRaSvc - ok
14:40:49.0333 1912  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
14:40:49.0400 1912  BITS - ok
14:40:49.0466 1912  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:40:49.0468 1912  blbdrive - ok
14:40:49.0566 1912  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:40:49.0575 1912  Bonjour Service - ok
14:40:49.0673 1912  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:40:49.0677 1912  bowser - ok
14:40:49.0716 1912  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:40:49.0720 1912  BrFiltLo - ok
14:40:49.0755 1912  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:40:49.0757 1912  BrFiltUp - ok
14:40:49.0824 1912  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
14:40:49.0828 1912  Browser - ok
14:40:50.0035 1912  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
14:40:50.0105 1912  BrowserProtect - ok
14:40:50.0152 1912  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:40:50.0160 1912  Brserid - ok
14:40:50.0220 1912  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:40:50.0223 1912  BrSerWdm - ok
14:40:50.0278 1912  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:40:50.0281 1912  BrUsbMdm - ok
14:40:50.0348 1912  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:40:50.0351 1912  BrUsbSer - ok
14:40:50.0430 1912  [ CD40B39A3DAC59BD00BA0C76941133D2 ] BsBhvScan       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
14:40:50.0439 1912  BsBhvScan - ok
14:40:50.0494 1912  [ 5F15F8A2FE5D087F6EBDC3961A8B198E ] BsBrowser       C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll
14:40:50.0497 1912  BsBrowser - ok
14:40:50.0578 1912  [ 514E96F4037B98067863A65E89349D80 ] BsFileScan      C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
14:40:50.0586 1912  BsFileScan - ok
14:40:50.0664 1912  [ 9C6066552E2BF2360667E15730DC0995 ] BsFire          C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
14:40:50.0675 1912  BsFire - ok
14:40:50.0733 1912  [ 162266BFCEADACEBBB628DFD0C1AB152 ] BsMailProxy     C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
14:40:50.0738 1912  BsMailProxy - ok
14:40:50.0799 1912  [ 60D6ECED581EFC2D237721F72BC6FBAC ] BsMain          C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
14:40:50.0804 1912  BsMain - ok
14:40:50.0840 1912  [ 173EE0192B8A172D1E7AEA6F36E1058E ] BsScanner       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
14:40:50.0848 1912  BsScanner - ok
14:40:50.0899 1912  [ 7951E867B9C89A2F4156F3AB8FD28E82 ] BsUpdate        C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
14:40:50.0908 1912  BsUpdate - ok
14:40:50.0974 1912  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
14:40:50.0977 1912  BthEnum - ok
14:40:50.0999 1912  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:40:51.0002 1912  BTHMODEM - ok
14:40:51.0041 1912  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:40:51.0045 1912  BthPan - ok
14:40:51.0100 1912  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:40:51.0110 1912  BTHPORT - ok
14:40:51.0160 1912  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
14:40:51.0163 1912  bthserv - ok
14:40:51.0232 1912  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:40:51.0235 1912  BTHUSB - ok
14:40:51.0271 1912  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
14:40:51.0274 1912  btusbflt - ok
14:40:51.0305 1912  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:40:51.0309 1912  btwaudio - ok
14:40:51.0347 1912  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:40:51.0352 1912  btwavdt - ok
14:40:51.0419 1912  [ 0E3EE2BC0EC56BFE869FCDE3E5806684 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:40:51.0438 1912  btwdins - ok
14:40:51.0478 1912  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:40:51.0481 1912  btwl2cap - ok
14:40:51.0522 1912  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:40:51.0524 1912  btwrchid - ok
14:40:51.0573 1912  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:40:51.0577 1912  cdfs - ok
14:40:51.0640 1912  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:40:51.0644 1912  cdrom - ok
14:40:51.0695 1912  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:40:51.0699 1912  CertPropSvc - ok
14:40:51.0748 1912  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:40:51.0750 1912  circlass - ok
14:40:51.0804 1912  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
14:40:51.0812 1912  CLFS - ok
14:40:51.0866 1912  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:51.0877 1912  clr_optimization_v2.0.50727_32 - ok
14:40:51.0948 1912  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:40:52.0004 1912  clr_optimization_v4.0.30319_32 - ok
14:40:52.0056 1912  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:40:52.0058 1912  CmBatt - ok
14:40:52.0087 1912  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:40:52.0090 1912  cmdide - ok
14:40:52.0145 1912  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:40:52.0155 1912  CNG - ok
14:40:52.0202 1912  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:40:52.0205 1912  Compbatt - ok
14:40:52.0263 1912  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:40:52.0266 1912  CompositeBus - ok
14:40:52.0288 1912  COMSysApp - ok
14:40:52.0342 1912  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:40:52.0345 1912  crcdisk - ok
14:40:52.0407 1912  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:40:52.0413 1912  CryptSvc - ok
14:40:52.0473 1912  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:40:52.0497 1912  DcomLaunch - ok
14:40:52.0539 1912  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:40:52.0547 1912  defragsvc - ok
14:40:52.0603 1912  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:40:52.0607 1912  DfsC - ok
14:40:52.0633 1912  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:40:52.0642 1912  Dhcp - ok
14:40:52.0683 1912  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
14:40:52.0685 1912  discache - ok
14:40:52.0737 1912  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:40:52.0740 1912  Disk - ok
14:40:52.0802 1912  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:40:52.0808 1912  Dnscache - ok
14:40:52.0870 1912  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:40:52.0880 1912  dot3svc - ok
14:40:52.0943 1912  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
14:40:52.0950 1912  DPS - ok
14:40:53.0006 1912  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:40:53.0008 1912  drmkaud - ok
14:40:53.0075 1912  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:40:53.0097 1912  DXGKrnl - ok
14:40:53.0154 1912  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
14:40:53.0160 1912  EapHost - ok
14:40:53.0310 1912  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:40:53.0415 1912  ebdrv - ok
14:40:53.0476 1912  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
14:40:53.0483 1912  EFS - ok
14:40:53.0545 1912  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:40:53.0556 1912  elxstor - ok
14:40:53.0608 1912  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:40:53.0611 1912  ErrDev - ok
14:40:53.0711 1912  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
14:40:53.0722 1912  EventSystem - ok
14:40:53.0768 1912  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
14:40:53.0773 1912  exfat - ok
14:40:53.0829 1912  Fabs - ok
14:40:53.0847 1912  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:40:53.0855 1912  fastfat - ok
14:40:53.0921 1912  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
14:40:53.0945 1912  Fax - ok
14:40:53.0986 1912  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:40:53.0989 1912  fdc - ok
14:40:54.0034 1912  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
14:40:54.0039 1912  fdPHost - ok
14:40:54.0052 1912  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
14:40:54.0058 1912  FDResPub - ok
14:40:54.0086 1912  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:40:54.0089 1912  FileInfo - ok
14:40:54.0220 1912  [ 2B0BCCF997721163E97889DC56EFDBDE ] FileOpenManagerService C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
14:40:54.0225 1912  FileOpenManagerService - ok
14:40:54.0251 1912  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:40:54.0255 1912  Filetrace - ok
14:40:54.0377 1912  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:40:54.0511 1912  FirebirdServerMAGIXInstance - ok
14:40:54.0558 1912  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:40:54.0560 1912  flpydisk - ok
14:40:54.0624 1912  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:40:54.0629 1912  FltMgr - ok
14:40:54.0704 1912  [ AA85D09261FBF080CD9415853BD7B559 ] FontCache       C:\Windows\system32\FntCache.dll
14:40:54.0746 1912  FontCache - ok
14:40:54.0841 1912  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:40:54.0845 1912  FontCache3.0.0.0 - ok
14:40:54.0885 1912  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:40:54.0887 1912  FsDepends - ok
14:40:54.0940 1912  [ 01BB4A70EA1F47422C1646B06164A8FB ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys
14:40:54.0943 1912  fspad_wlh32 - ok
14:40:54.0984 1912  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:40:54.0986 1912  Fs_Rec - ok
14:40:55.0042 1912  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:40:55.0047 1912  fvevol - ok
14:40:55.0098 1912  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:40:55.0101 1912  gagp30kx - ok
14:40:55.0163 1912  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:40:55.0165 1912  GEARAspiWDM - ok
14:40:55.0225 1912  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:40:55.0245 1912  gpsvc - ok
14:40:55.0313 1912  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
14:40:55.0316 1912  hamachi - ok
14:40:55.0450 1912  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
14:40:55.0498 1912  Hamachi2Svc - ok
14:40:55.0543 1912  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:40:55.0546 1912  hcw85cir - ok
14:40:55.0607 1912  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:40:55.0614 1912  HdAudAddService - ok
14:40:55.0647 1912  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:40:55.0651 1912  HDAudBus - ok
14:40:55.0664 1912  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:40:55.0670 1912  HidBatt - ok
14:40:55.0715 1912  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:40:55.0719 1912  HidBth - ok
14:40:55.0753 1912  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:40:55.0757 1912  HidIr - ok
14:40:55.0799 1912  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
14:40:55.0804 1912  hidserv - ok
14:40:55.0861 1912  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:40:55.0863 1912  HidUsb - ok
14:40:55.0916 1912  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:40:55.0924 1912  hkmsvc - ok
14:40:55.0981 1912  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:40:55.0989 1912  HomeGroupListener - ok
14:40:56.0020 1912  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:40:56.0032 1912  HomeGroupProvider - ok
14:40:56.0082 1912  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:40:56.0085 1912  HpSAMD - ok
14:40:56.0140 1912  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:40:56.0151 1912  HTTP - ok
14:40:56.0194 1912  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:40:56.0196 1912  hwpolicy - ok
14:40:56.0253 1912  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:40:56.0257 1912  i8042prt - ok
14:40:56.0322 1912  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:40:56.0330 1912  iaStorV - ok
14:40:56.0459 1912  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:40:56.0463 1912  IDriverT - ok
14:40:56.0542 1912  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:40:56.0577 1912  idsvc - ok
14:40:56.0745 1912  [ E21A74A91F7AA3BB2E985C4CDDCA63F2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:40:56.0870 1912  igfx - ok
14:40:56.0903 1912  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:40:56.0906 1912  iirsp - ok
14:40:56.0978 1912  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:40:56.0999 1912  IKEEXT - ok
14:40:57.0133 1912  [ 09BF2EFC833A4848665E439EB4DB3331 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:40:57.0221 1912  IntcAzAudAddService - ok
14:40:57.0257 1912  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:40:57.0259 1912  intelide - ok
14:40:57.0312 1912  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:40:57.0315 1912  intelppm - ok
14:40:57.0358 1912  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:40:57.0365 1912  IPBusEnum - ok
14:40:57.0425 1912  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:57.0429 1912  IpFilterDriver - ok
14:40:57.0506 1912  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:40:57.0518 1912  iphlpsvc - ok
14:40:57.0565 1912  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:40:57.0568 1912  IPMIDRV - ok
14:40:57.0600 1912  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:40:57.0603 1912  IPNAT - ok
14:40:57.0689 1912  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:40:57.0723 1912  iPod Service - ok
14:40:57.0775 1912  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:40:57.0778 1912  IRENUM - ok
14:40:57.0800 1912  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:40:57.0803 1912  isapnp - ok
14:40:57.0853 1912  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:40:57.0859 1912  iScsiPrt - ok
14:40:57.0909 1912  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:40:57.0912 1912  kbdclass - ok
14:40:57.0955 1912  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:40:57.0958 1912  kbdhid - ok
14:40:57.0987 1912  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
14:40:57.0992 1912  KeyIso - ok
14:40:58.0044 1912  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:40:58.0048 1912  KSecDD - ok
14:40:58.0099 1912  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:40:58.0103 1912  KSecPkg - ok
14:40:58.0156 1912  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:40:58.0167 1912  KtmRm - ok
14:40:58.0216 1912  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
14:40:58.0219 1912  L1C - ok
14:40:58.0263 1912  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:40:58.0274 1912  LanmanServer - ok
14:40:58.0295 1912  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:40:58.0307 1912  LanmanWorkstation - ok
14:40:58.0358 1912  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:40:58.0361 1912  lltdio - ok
14:40:58.0397 1912  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:40:58.0405 1912  lltdsvc - ok
14:40:58.0437 1912  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:40:58.0443 1912  lmhosts - ok
14:40:58.0506 1912  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:40:58.0511 1912  LSI_FC - ok
14:40:58.0561 1912  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:40:58.0565 1912  LSI_SAS - ok
14:40:58.0604 1912  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:40:58.0607 1912  LSI_SAS2 - ok
14:40:58.0658 1912  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:40:58.0661 1912  LSI_SCSI - ok
14:40:58.0704 1912  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
14:40:58.0708 1912  luafv - ok
14:40:58.0731 1912  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:40:58.0734 1912  megasas - ok
14:40:58.0799 1912  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:40:58.0806 1912  MegaSR - ok
14:40:58.0839 1912  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
14:40:58.0845 1912  MMCSS - ok
14:40:58.0870 1912  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
14:40:58.0873 1912  Modem - ok
14:40:58.0904 1912  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:40:58.0907 1912  monitor - ok
14:40:58.0930 1912  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:40:58.0932 1912  mouclass - ok
14:40:58.0971 1912  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:40:58.0974 1912  mouhid - ok
14:40:59.0030 1912  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:40:59.0033 1912  mountmgr - ok
14:40:59.0124 1912  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:40:59.0128 1912  MozillaMaintenance - ok
14:40:59.0158 1912  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:40:59.0162 1912  mpio - ok
14:40:59.0205 1912  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:40:59.0208 1912  mpsdrv - ok
14:40:59.0294 1912  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:40:59.0315 1912  MpsSvc - ok
14:40:59.0362 1912  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:40:59.0365 1912  MRxDAV - ok
14:40:59.0431 1912  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:40:59.0435 1912  mrxsmb - ok
14:40:59.0489 1912  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:40:59.0495 1912  mrxsmb10 - ok
14:40:59.0519 1912  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:40:59.0523 1912  mrxsmb20 - ok
14:40:59.0570 1912  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
14:40:59.0573 1912  msahci - ok
14:40:59.0612 1912  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:40:59.0616 1912  msdsm - ok
14:40:59.0658 1912  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
14:40:59.0666 1912  MSDTC - ok
14:40:59.0727 1912  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:40:59.0730 1912  Msfs - ok
14:40:59.0751 1912  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:40:59.0753 1912  mshidkmdf - ok
14:40:59.0789 1912  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:40:59.0791 1912  msisadrv - ok
14:40:59.0831 1912  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:40:59.0838 1912  MSiSCSI - ok
14:40:59.0851 1912  msiserver - ok
14:40:59.0888 1912  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:40:59.0891 1912  MSKSSRV - ok
14:40:59.0911 1912  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:40:59.0915 1912  MSPCLOCK - ok
14:40:59.0942 1912  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:40:59.0945 1912  MSPQM - ok
14:40:59.0975 1912  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:40:59.0980 1912  MsRPC - ok
14:41:00.0039 1912  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:41:00.0041 1912  mssmbios - ok
14:41:00.0154 1912  MSSQL$SQLEXPRESS - ok
14:41:00.0262 1912  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:41:00.0281 1912  MSSQLServerADHelper100 - ok
14:41:00.0330 1912  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:41:00.0333 1912  MSTEE - ok
14:41:00.0376 1912  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:41:00.0379 1912  MTConfig - ok
14:41:00.0408 1912  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:41:00.0411 1912  Mup - ok
14:41:00.0459 1912  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
14:41:00.0472 1912  napagent - ok
14:41:00.0511 1912  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:41:00.0518 1912  NativeWifiP - ok
14:41:00.0598 1912  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:41:00.0618 1912  NDIS - ok
14:41:00.0661 1912  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:41:00.0664 1912  NdisCap - ok
14:41:00.0697 1912  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:41:00.0700 1912  NdisTapi - ok
14:41:00.0749 1912  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:41:00.0751 1912  Ndisuio - ok
14:41:00.0792 1912  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:41:00.0796 1912  NdisWan - ok
14:41:00.0844 1912  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:41:00.0847 1912  NDProxy - ok
14:41:00.0865 1912  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:41:00.0868 1912  NetBIOS - ok
14:41:00.0915 1912  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:41:00.0920 1912  NetBT - ok
14:41:00.0942 1912  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
14:41:00.0947 1912  Netlogon - ok
14:41:00.0997 1912  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
14:41:01.0010 1912  Netman - ok
14:41:01.0062 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:01.0107 1912  NetMsmqActivator - ok
14:41:01.0117 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:01.0121 1912  NetPipeActivator - ok
14:41:01.0142 1912  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
14:41:01.0154 1912  netprofm - ok
14:41:01.0166 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:01.0170 1912  NetTcpActivator - ok
14:41:01.0184 1912  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:41:01.0188 1912  NetTcpPortSharing - ok
14:41:01.0228 1912  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:41:01.0231 1912  nfrd960 - ok
14:41:01.0284 1912  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:41:01.0294 1912  NlaSvc - ok
14:41:01.0386 1912  [ DD8B7B1EEFE8D36CD9F070619CBB66C2 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys
14:41:01.0391 1912  NovaShieldFilterDriver - ok
14:41:01.0418 1912  [ F137D033742CE16FA8AAF974A899AAF2 ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys
14:41:01.0420 1912  NovaShieldTDIDriver - ok
14:41:01.0464 1912  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:41:01.0467 1912  Npfs - ok
14:41:01.0515 1912  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
14:41:01.0522 1912  nsi - ok
14:41:01.0534 1912  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:41:01.0540 1912  nsiproxy - ok
14:41:01.0625 1912  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:41:01.0660 1912  Ntfs - ok
14:41:01.0680 1912  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
14:41:01.0683 1912  Null - ok
14:41:01.0730 1912  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:41:01.0734 1912  nvraid - ok
14:41:01.0788 1912  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:41:01.0792 1912  nvstor - ok
14:41:01.0841 1912  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:41:01.0845 1912  nv_agp - ok
14:41:01.0877 1912  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:41:01.0880 1912  ohci1394 - ok
14:41:01.0930 1912  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:41:01.0941 1912  p2pimsvc - ok
14:41:01.0969 1912  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:41:01.0981 1912  p2psvc - ok
14:41:02.0020 1912  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:41:02.0024 1912  Parport - ok
14:41:02.0073 1912  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:41:02.0078 1912  partmgr - ok
14:41:02.0109 1912  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:41:02.0111 1912  Parvdm - ok
14:41:02.0344 1912  [ 0C7B85E8655E2774466E941B42AD9121 ] pc essentials   C:\Program Files\pc essentials\updater.exe
14:41:02.0513 1912  pc essentials - ok
14:41:02.0591 1912  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:41:02.0600 1912  PcaSvc - ok
14:41:02.0628 1912  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
14:41:02.0633 1912  pci - ok
14:41:02.0679 1912  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
14:41:02.0682 1912  pciide - ok
14:41:02.0729 1912  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:41:02.0734 1912  pcmcia - ok
14:41:02.0771 1912  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
14:41:02.0774 1912  pcw - ok
14:41:02.0810 1912  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:41:02.0822 1912  PEAUTH - ok
14:41:02.0948 1912  [ E0297D369962F00E52BBACE14A554DF5 ] PhotoshopElementsDeviceConnect C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
14:41:02.0952 1912  PhotoshopElementsDeviceConnect - ok
14:41:03.0044 1912  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
14:41:03.0089 1912  pla - ok
14:41:03.0160 1912  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:41:03.0173 1912  PlugPlay - ok
14:41:03.0212 1912  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:41:03.0220 1912  PNRPAutoReg - ok
14:41:03.0252 1912  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:41:03.0261 1912  PNRPsvc - ok
14:41:03.0308 1912  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:41:03.0318 1912  PolicyAgent - ok
14:41:03.0369 1912  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
14:41:03.0379 1912  Power - ok
14:41:03.0417 1912  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:41:03.0420 1912  PptpMiniport - ok
14:41:03.0444 1912  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:41:03.0447 1912  Processor - ok
14:41:03.0494 1912  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
14:41:03.0504 1912  ProfSvc - ok
14:41:03.0520 1912  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:41:03.0525 1912  ProtectedStorage - ok
14:41:03.0571 1912  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:41:03.0575 1912  Psched - ok
14:41:03.0628 1912  [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:41:03.0630 1912  PxHelp20 - ok
14:41:03.0705 1912  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:41:03.0751 1912  ql2300 - ok
14:41:03.0796 1912  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:41:03.0800 1912  ql40xx - ok
14:41:03.0841 1912  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
14:41:03.0853 1912  QWAVE - ok
14:41:03.0883 1912  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:41:03.0886 1912  QWAVEdrv - ok
14:41:03.0913 1912  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:41:03.0915 1912  RasAcd - ok
14:41:03.0969 1912  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:41:03.0972 1912  RasAgileVpn - ok
14:41:04.0009 1912  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
14:41:04.0017 1912  RasAuto - ok
14:41:04.0048 1912  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:41:04.0051 1912  Rasl2tp - ok
14:41:04.0112 1912  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
14:41:04.0124 1912  RasMan - ok
14:41:04.0144 1912  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:41:04.0149 1912  RasPppoe - ok
14:41:04.0163 1912  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:41:04.0168 1912  RasSstp - ok
14:41:04.0226 1912  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:41:04.0231 1912  rdbss - ok
14:41:04.0265 1912  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:41:04.0268 1912  rdpbus - ok
14:41:04.0318 1912  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:41:04.0320 1912  RDPCDD - ok
14:41:04.0374 1912  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:41:04.0377 1912  RDPENCDD - ok
14:41:04.0402 1912  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:41:04.0405 1912  RDPREFMP - ok
14:41:04.0451 1912  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:41:04.0456 1912  RDPWD - ok
14:41:04.0513 1912  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:41:04.0518 1912  rdyboost - ok
14:41:04.0555 1912  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:41:04.0562 1912  RemoteAccess - ok
14:41:04.0602 1912  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:41:04.0614 1912  RemoteRegistry - ok
14:41:04.0654 1912  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:41:04.0658 1912  RFCOMM - ok
14:41:04.0752 1912  [ 999AA77152F16A40A5727FC657EF66C3 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
14:41:04.0759 1912  RichVideo - ok
14:41:04.0810 1912  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:41:04.0818 1912  RpcEptMapper - ok
14:41:04.0863 1912  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
14:41:04.0871 1912  RpcLocator - ok
14:41:04.0906 1912  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
14:41:04.0917 1912  RpcSs - ok
14:41:04.0985 1912  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
14:41:04.0992 1912  RsFx0103 - ok
14:41:05.0043 1912  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:41:05.0046 1912  rspndr - ok
14:41:05.0108 1912  [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
14:41:05.0139 1912  rtl8192se - ok
14:41:05.0164 1912  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
14:41:05.0169 1912  SamSs - ok
14:41:05.0221 1912  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:41:05.0224 1912  sbp2port - ok
14:41:05.0258 1912  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:41:05.0268 1912  SCardSvr - ok
14:41:05.0288 1912  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:41:05.0291 1912  scfilter - ok
14:41:05.0352 1912  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
14:41:05.0386 1912  Schedule - ok
14:41:05.0429 1912  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:41:05.0431 1912  SCPolicySvc - ok
14:41:05.0471 1912  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:41:05.0481 1912  SDRSVC - ok
14:41:05.0521 1912  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:41:05.0523 1912  secdrv - ok
14:41:05.0563 1912  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
14:41:05.0571 1912  seclogon - ok
14:41:05.0603 1912  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
14:41:05.0614 1912  SENS - ok
14:41:05.0643 1912  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:41:05.0646 1912  Serenum - ok
14:41:05.0698 1912  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:41:05.0701 1912  Serial - ok
14:41:05.0753 1912  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:41:05.0755 1912  sermouse - ok
14:41:05.0820 1912  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:41:05.0830 1912  SessionEnv - ok
14:41:05.0875 1912  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:41:05.0878 1912  sffdisk - ok
14:41:05.0905 1912  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:41:05.0908 1912  sffp_mmc - ok
14:41:05.0929 1912  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:41:05.0931 1912  sffp_sd - ok
14:41:05.0971 1912  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:41:05.0974 1912  sfloppy - ok
14:41:06.0010 1912  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:41:06.0020 1912  SharedAccess - ok
14:41:06.0073 1912  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:41:06.0086 1912  ShellHWDetection - ok
14:41:06.0141 1912  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:41:06.0145 1912  sisagp - ok
14:41:06.0198 1912  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:41:06.0201 1912  SiSRaid2 - ok
14:41:06.0244 1912  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:41:06.0247 1912  SiSRaid4 - ok
14:41:06.0333 1912  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:41:06.0337 1912  SkypeUpdate - ok
14:41:06.0394 1912  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:41:06.0398 1912  Smb - ok
14:41:06.0463 1912  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:41:06.0471 1912  SNMPTRAP - ok
14:41:06.0488 1912  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:41:06.0491 1912  spldr - ok
14:41:06.0547 1912  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
14:41:06.0560 1912  Spooler - ok
14:41:06.0693 1912  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
14:41:06.0784 1912  sppsvc - ok
14:41:06.0843 1912  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:41:06.0852 1912  sppuinotify - ok
14:41:06.0919 1912  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
14:41:06.0942 1912  SQLAgent$SQLEXPRESS - ok
14:41:07.0038 1912  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:41:07.0062 1912  SQLBrowser - ok
14:41:07.0141 1912  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:41:07.0144 1912  SQLWriter - ok
14:41:07.0203 1912  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:41:07.0210 1912  srv - ok
14:41:07.0255 1912  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:41:07.0262 1912  srv2 - ok
14:41:07.0276 1912  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:41:07.0282 1912  srvnet - ok
14:41:07.0337 1912  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:41:07.0348 1912  SSDPSRV - ok
14:41:07.0363 1912  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:41:07.0374 1912  SstpSvc - ok
14:41:07.0416 1912  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:41:07.0419 1912  stexstor - ok
14:41:07.0475 1912  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
14:41:07.0497 1912  StiSvc - ok
14:41:07.0543 1912  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:41:07.0546 1912  swenum - ok
14:41:07.0570 1912  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
14:41:07.0583 1912  swprv - ok
14:41:07.0654 1912  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
14:41:07.0702 1912  SysMain - ok
14:41:07.0751 1912  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:41:07.0760 1912  TabletInputService - ok
14:41:07.0803 1912  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:41:07.0815 1912  TapiSrv - ok
14:41:07.0864 1912  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
14:41:07.0874 1912  TBS - ok
14:41:07.0949 1912  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:41:07.0984 1912  Tcpip - ok
14:41:08.0041 1912  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:41:08.0056 1912  TCPIP6 - ok
14:41:08.0111 1912  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:41:08.0115 1912  tcpipreg - ok
14:41:08.0171 1912  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:41:08.0173 1912  TDPIPE - ok
14:41:08.0217 1912  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:41:08.0220 1912  TDTCP - ok
14:41:08.0267 1912  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:41:08.0270 1912  tdx - ok
14:41:08.0295 1912  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:41:08.0298 1912  TermDD - ok
14:41:08.0354 1912  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
14:41:08.0377 1912  TermService - ok
14:41:08.0422 1912  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
14:41:08.0431 1912  Themes - ok
14:41:08.0450 1912  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
14:41:08.0455 1912  THREADORDER - ok
14:41:08.0471 1912  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
14:41:08.0481 1912  TrkWks - ok
14:41:08.0562 1912  [ D391F1171A2E3A7080DF6FAAE7A20C0B ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
14:41:08.0569 1912  Trufos - ok
14:41:08.0663 1912  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:41:08.0668 1912  TrustedInstaller - ok
14:41:08.0723 1912  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:41:08.0726 1912  tssecsrv - ok
14:41:08.0788 1912  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:41:08.0791 1912  TsUsbFlt - ok
14:41:08.0851 1912  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:41:08.0854 1912  tunnel - ok
14:41:08.0894 1912  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:41:08.0899 1912  uagp35 - ok
14:41:08.0941 1912  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:41:08.0947 1912  udfs - ok
14:41:09.0010 1912  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:41:09.0019 1912  UI0Detect - ok
14:41:09.0053 1912  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:41:09.0057 1912  uliagpkx - ok
14:41:09.0085 1912  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
14:41:09.0089 1912  umbus - ok
14:41:09.0136 1912  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:41:09.0152 1912  UmPass - ok
14:41:09.0202 1912  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
14:41:09.0215 1912  upnphost - ok
14:41:09.0275 1912  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:41:09.0279 1912  USBAAPL - ok
14:41:09.0324 1912  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:41:09.0327 1912  usbccgp - ok
14:41:09.0377 1912  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:41:09.0381 1912  usbcir - ok
14:41:09.0407 1912  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:41:09.0410 1912  usbehci - ok
14:41:09.0448 1912  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:41:09.0454 1912  usbhub - ok
14:41:09.0509 1912  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:41:09.0512 1912  usbohci - ok
14:41:09.0552 1912  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:41:09.0555 1912  usbprint - ok
14:41:09.0580 1912  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:09.0584 1912  USBSTOR - ok
14:41:09.0617 1912  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:41:09.0620 1912  usbuhci - ok
14:41:09.0690 1912  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:41:09.0694 1912  usbvideo - ok
14:41:09.0745 1912  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
14:41:09.0755 1912  UxSms - ok
14:41:09.0797 1912  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
14:41:09.0802 1912  VaultSvc - ok
14:41:09.0839 1912  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:41:09.0842 1912  vdrvroot - ok
14:41:09.0897 1912  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
14:41:09.0920 1912  vds - ok
14:41:09.0963 1912  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:41:09.0966 1912  vga - ok
14:41:10.0012 1912  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:41:10.0014 1912  VgaSave - ok
14:41:10.0067 1912  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:41:10.0072 1912  vhdmp - ok
14:41:10.0115 1912  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:41:10.0119 1912  viaagp - ok
14:41:10.0173 1912  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
14:41:10.0177 1912  ViaC7 - ok
14:41:10.0213 1912  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
14:41:10.0216 1912  viaide - ok
14:41:10.0260 1912  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:41:10.0263 1912  volmgr - ok
14:41:10.0298 1912  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:41:10.0306 1912  volmgrx - ok
14:41:10.0350 1912  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:41:10.0357 1912  volsnap - ok
14:41:10.0409 1912  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:41:10.0414 1912  vsmraid - ok
14:41:10.0492 1912  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
14:41:10.0526 1912  VSS - ok
14:41:10.0564 1912  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:41:10.0567 1912  vwifibus - ok
14:41:10.0589 1912  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:41:10.0593 1912  vwififlt - ok
14:41:10.0630 1912  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:41:10.0633 1912  vwifimp - ok
14:41:10.0679 1912  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
14:41:10.0693 1912  W32Time - ok
14:41:10.0733 1912  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:41:10.0736 1912  WacomPen - ok
14:41:10.0778 1912  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:41:10.0781 1912  WANARP - ok
14:41:10.0791 1912  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:41:10.0794 1912  Wanarpv6 - ok
14:41:10.0870 1912  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
14:41:10.0917 1912  wbengine - ok
14:41:10.0969 1912  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:41:10.0980 1912  WbioSrvc - ok
14:41:11.0029 1912  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:41:11.0042 1912  wcncsvc - ok
14:41:11.0071 1912  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:41:11.0081 1912  WcsPlugInService - ok
14:41:11.0108 1912  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:41:11.0111 1912  Wd - ok
14:41:11.0177 1912  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:41:11.0188 1912  Wdf01000 - ok
14:41:11.0222 1912  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:41:11.0232 1912  WdiServiceHost - ok
14:41:11.0242 1912  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:41:11.0255 1912  WdiSystemHost - ok
14:41:11.0364 1912  [ F4A9476AA49B69D28BE439C64F96C714 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
14:41:11.0369 1912  Web Assistant Updater - ok
14:41:11.0420 1912  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
14:41:11.0443 1912  WebClient - ok
14:41:11.0470 1912  WebOptimizer - ok
14:41:11.0515 1912  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:41:11.0526 1912  Wecsvc - ok
14:41:11.0554 1912  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:41:11.0564 1912  wercplsupport - ok
14:41:11.0597 1912  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:41:11.0606 1912  WerSvc - ok
14:41:11.0640 1912  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:41:11.0643 1912  WfpLwf - ok
14:41:11.0672 1912  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:41:11.0675 1912  WIMMount - ok
14:41:11.0762 1912  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:41:11.0774 1912  WinDefend - ok
14:41:11.0800 1912  WinHttpAutoProxySvc - ok
14:41:11.0873 1912  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:41:11.0881 1912  Winmgmt - ok
14:41:11.0961 1912  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
14:41:12.0006 1912  WinRM - ok
14:41:12.0088 1912  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:41:12.0092 1912  WinUsb - ok
14:41:12.0150 1912  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:41:12.0197 1912  Wlansvc - ok
14:41:12.0323 1912  [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:41:12.0369 1912  wlidsvc - ok
14:41:12.0420 1912  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:41:12.0423 1912  WmiAcpi - ok
14:41:12.0482 1912  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:41:12.0486 1912  wmiApSrv - ok
14:41:12.0586 1912  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:41:12.0620 1912  WMPNetworkSvc - ok
14:41:12.0679 1912  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:41:12.0689 1912  WPCSvc - ok
14:41:12.0741 1912  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:41:12.0751 1912  WPDBusEnum - ok
14:41:12.0782 1912  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:41:12.0785 1912  ws2ifsl - ok
14:41:12.0803 1912  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
14:41:12.0814 1912  wscsvc - ok
14:41:12.0828 1912  WSearch - ok
14:41:12.0939 1912  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:41:13.0007 1912  wuauserv - ok
14:41:13.0058 1912  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:41:13.0062 1912  WudfPf - ok
14:41:13.0098 1912  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:41:13.0103 1912  WUDFRd - ok
14:41:13.0161 1912  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:41:13.0174 1912  wudfsvc - ok
14:41:13.0234 1912  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:41:13.0247 1912  WwanSvc - ok
14:41:13.0311 1912  ================ Scan global ===============================
14:41:13.0360 1912  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:41:13.0405 1912  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:41:13.0438 1912  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:41:13.0490 1912  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:41:13.0530 1912  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:41:13.0541 1912  [Global] - ok
14:41:13.0542 1912  ================ Scan MBR ==================================
14:41:13.0557 1912  [ D4235019B9CC6FCAC77D4C80F1FA6E89 ] \Device\Harddisk0\DR0
14:41:22.0543 1912  \Device\Harddisk0\DR0 - ok
14:41:22.0544 1912  ================ Scan VBR ==================================
14:41:22.0551 1912  [ DA5516775A07F69A332033049865B2DF ] \Device\Harddisk0\DR0\Partition1
14:41:22.0555 1912  \Device\Harddisk0\DR0\Partition1 - ok
14:41:22.0604 1912  [ F63467ABCEFF98E960D5CC660B2146DF ] \Device\Harddisk0\DR0\Partition2
14:41:22.0607 1912  \Device\Harddisk0\DR0\Partition2 - ok
14:41:22.0648 1912  [ FA6707864A6ABB94C0458B46B84C3B9E ] \Device\Harddisk0\DR0\Partition3
14:41:22.0651 1912  \Device\Harddisk0\DR0\Partition3 - ok
14:41:22.0652 1912  ============================================================
14:41:22.0652 1912  Scan finished
14:41:22.0652 1912  ============================================================
14:41:22.0678 1452  Detected object count: 0
14:41:22.0678 1452  Actual detected object count: 0
14:43:44.0832 2476  Deinitialize success
         
