| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google öffnet andere seiten als gewähltWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.06.2012, 16:12
| #1 |
| |  Google öffnet andere seiten als gewählt Hallo zusammen, bin ganz neu und frisch hier. hab über die google suche zu euch gefunden, da mein rechner mir seit mehr als einer woche probleme macht. als aller erstes bekam ich den virus oder was auch immer, der sich wohl data recovery nennt. ich hatte keinen zugriff mehr auf dateien und ordner. das hatte ich dann meines erachtens mal im griff. als zweites bekam ich dann auf einmal meldungen von live security platinum, dass weitere viren etc. platzierte. wärend des ganzen szenarios hatte ich probleme mit allen browsern und google. insbesondere wenn ich nach trojaner, viren etc. suchte und auf ein ergebnis klickte, öffneten sich andere seiten bzw. wurde im hintergrund andere seiten nachgeladen. teils werden auch auf einmal werbetexte gesprochen, obwohl man kein fenster eines browsers sieht. was hab ich bereits gemacht: virenprüfung mit avira free - ohne erfolg - malewarebyte prüfung mit einigen funden und löschungen unhide programm eingesetzt um ordner und startmenü wieder zu sehen. nur teilerfolge. startmenü - programme hat noch immer sehr viele leere ordner. roguekiller.exe eingesetzt - scan und entfernungen otl.exe ausgeführt und logs erstellt offene probleme: - startmenü - programme einträge fehlen - google öffnet falsche seiten - sicher noch weitere viren, trojaner und rootkits (sofern mein laienverstand) otl.txt Code:
ATTFilter OTL logfile created on: 28.06.2012 22:49:41 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\thompson\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free 4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe PRC - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:43:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:43:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.07 11:12:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2008.07.22 19:33:36 | 000,150,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe PRC - [2007.01.18 16:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.09.28 15:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012.06.20 17:34:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.11 17:24:14 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.27 17:59:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.23 23:42:26 | 000,249,344 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2009.09.23 23:37:54 | 000,694,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC) SRV - [2009.09.23 23:28:30 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 18:43:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:43:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2007.10.26 18:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) DRV - [2005.05.03 17:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{BBCAA50B-B1AD-4DBB-97F1-15A17A771FFA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&client=&rlz=1I7HPEA_deDE226 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.13 18:27:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.13 18:27:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M] [2009.12.20 16:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions [2009.03.27 18:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.06.12 20:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions [2012.06.12 20:22:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.05.13 11:25:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.09 20:00:10 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.01.22 20:16:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.13 19:39:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009.12.20 16:57:25 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\seoquake-plugin-seolinx@seoquake.com [2012.01.06 12:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.12.20 16:35:08 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2012.05.11 17:24:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 19:46:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 19:46:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 19:46:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 19:46:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 19:46:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 19:46:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.26 20:34:50 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\thompson\AppData\Roaming\Mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [hpqSRMon] C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKCU..\Run: [IBP] File not found O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A61794B-8259-46CA-9461-B02AE529ACF8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 20:24:15 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe [2012.06.28 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.28 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\Tweaking.com - Unhide Non System Files [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Sun [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Skype [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Opera [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\ICQ [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Google Inc [2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Dropbox [2012.06.27 18:44:44 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Help [2012.06.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.06.27 18:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562590032C9340147612CB4EB23C1 [2012.06.27 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TeamViewer [2012.06.27 18:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012.06.26 21:00:52 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Malwarebytes [2012.06.26 21:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.26 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.26 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2012.06.25 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012.06.25 18:09:53 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012.06.25 18:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012.06.25 18:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.06.25 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TestApp [2012.06.21 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai [2012.06.20 18:23:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Local\Macromedia [2012.06.19 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\thesis_185 [2012.06.13 18:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.13 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.13 18:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.13 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime ========== Files - Modified Within 30 Days ========== [2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 22:44:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.28 22:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.28 22:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 22:43:13 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 22:15:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe [2012.06.28 18:50:23 | 000,127,458 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties [2012.06.28 18:50:23 | 000,019,703 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.info.stk [2012.06.28 18:50:23 | 000,018,878 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.de.stk [2012.06.28 18:50:23 | 000,018,760 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.stk [2012.06.28 18:50:23 | 000,017,686 | ---- | M] () -- C:\Users\thompson\Documents\www.sportsuche.info.stk [2012.06.28 18:50:23 | 000,017,473 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.stk [2012.06.28 18:50:23 | 000,014,780 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.stk [2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\20090511_181600_thompson2.job [2012.06.28 18:03:53 | 000,000,036 | ---- | M] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache [2012.06.28 17:55:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 17:51:02 | 000,555,748 | ---- | M] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe [2012.06.28 17:40:39 | 001,545,216 | ---- | M] () -- C:\Users\thompson\Desktop\RogueKiller.exe [2012.06.27 17:58:38 | 000,657,428 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.27 17:58:38 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.27 17:58:38 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.27 17:58:38 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.26 23:24:56 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml [2012.06.26 23:24:55 | 000,000,334 | ---- | M] () -- C:\Windows\System32\CountScans.XML [2012.06.26 23:24:53 | 000,001,738 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml [2012.06.26 16:20:17 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_0_00_re.pad [2012.06.25 18:11:18 | 001,530,075 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2012.06.22 19:58:03 | 000,608,181 | ---- | M] () -- C:\Users\thompson\.spyglass.properties [2012.06.22 19:58:03 | 000,418,952 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.spy [2012.06.22 19:58:03 | 000,048,121 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy [2012.06.21 20:16:42 | 000,704,512 | ---- | M] () -- C:\Users\thompson\Documents\Kickboxen.msam [2012.06.21 17:59:17 | 000,333,504 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties.bak [2012.06.20 17:52:06 | 000,128,201 | ---- | M] () -- C:\Users\thompson\Documents\www.fitness4beginner.com.stk [2012.06.20 17:52:06 | 000,111,770 | ---- | M] () -- C:\Users\thompson\Documents\www.bodybuilding4beginner.com.stk [2012.06.20 17:52:06 | 000,109,667 | ---- | M] () -- C:\Users\thompson\Documents\www.power-bodybuilding.de.stk [2012.06.20 17:52:06 | 000,104,993 | ---- | M] () -- C:\Users\thompson\Documents\www.fit54.de.stk [2012.06.20 17:52:06 | 000,098,484 | ---- | M] () -- C:\Users\thompson\Documents\www.classic-bodybuilding.de.stk [2012.06.16 20:57:00 | 000,140,250 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy [2012.06.14 17:31:41 | 000,490,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.06 11:33:37 | 001,157,820 | ---- | M] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf [2012.06.03 12:58:14 | 000,194,363 | ---- | M] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy [2012.06.03 12:58:12 | 000,251,693 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.spy [2012.06.01 19:33:01 | 000,208,102 | ---- | M] () -- C:\Users\thompson\Documents\www.onlinemarks.de.spy ========== Files Created - No Company Name ========== [2012.06.28 18:03:53 | 000,000,036 | ---- | C] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache [2012.06.28 17:55:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 17:51:02 | 000,555,748 | ---- | C] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe [2012.06.28 17:40:29 | 001,545,216 | ---- | C] () -- C:\Users\thompson\Desktop\RogueKiller.exe [2012.06.26 23:24:56 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml [2012.06.26 23:24:55 | 000,000,334 | ---- | C] () -- C:\Windows\System32\CountScans.XML [2012.06.26 23:24:53 | 000,001,738 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml [2012.06.26 09:25:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad [2012.06.25 18:10:00 | 001,530,075 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2012.06.21 18:06:22 | 000,127,458 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties [2012.06.16 20:57:00 | 000,140,250 | ---- | C] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy [2012.06.06 11:33:37 | 001,157,820 | ---- | C] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf [2012.06.03 12:58:15 | 000,048,121 | ---- | C] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy [2012.06.03 12:58:14 | 000,194,363 | ---- | C] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy [2011.12.31 13:44:50 | 000,000,288 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\.backup.dm [2011.11.13 16:05:55 | 000,001,464 | ---- | C] () -- C:\Users\thompson\.recently-used.xbel [2011.11.03 19:56:07 | 000,000,167 | ---- | C] () -- C:\Users\thompson\udownload.dat [2011.05.27 16:42:00 | 000,333,504 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.bak [2011.05.24 17:51:37 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.04.01 18:04:09 | 000,455,542 | ---- | C] () -- C:\Users\thompson\.linkassistant.properties [2010.04.01 18:01:42 | 002,728,079 | ---- | C] () -- C:\Users\thompson\.websiteauditor.properties [2010.02.11 18:48:04 | 000,003,584 | ---- | C] () -- C:\Users\thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.20 17:25:04 | 000,000,306 | R-S- | C] () -- C:\ProgramData\ntuser.pol [2009.12.13 15:49:24 | 000,000,134 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\default.rss [2009.03.27 19:04:20 | 000,608,181 | ---- | C] () -- C:\Users\thompson\.spyglass.properties [2009.03.27 19:00:25 | 000,469,445 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.alt [2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL899.DBF [2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL504.DBF [2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL987.DBF [2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL140.DBF [2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL791.DBF [2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL161.DBF [2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL584.DBF [2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL441.DBF [2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL991.DBF [2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL107.DBF [2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL525.DBF [2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL389.DBF [2008.03.11 11:18:06 | 000,000,000 | ---- | C] () -- C:\Users\thompson\tracert [2008.02.14 17:49:41 | 000,000,400 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012.03.27 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Article Marketing Robot [2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Artisteer [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Dropbox [2012.01.22 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoft [2012.01.22 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers [2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Elaborate Bytes [2011.11.27 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\EurekaLog [2012.06.22 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FileZilla [2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FireShot [2011.11.13 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\gtk-2.0 [2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Haufe [2009.12.22 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\IBP [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ICQ [2010.01.25 20:28:53 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Image Zone Express [2012.02.28 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Juniper Networks [2009.12.20 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Lexware [2012.02.25 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Notepad++ [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Opera [2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Printer Info Cache [2012.02.06 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\redsn0w [2011.12.08 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ScrapeBoard [2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Screenshot Studio Files [2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\SharePod [2010.07.30 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Software4u [2012.06.28 18:11:50 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TeamViewer [2008.02.14 17:49:40 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Template [2012.06.25 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TestApp [2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search [2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\20090511_181600_thompson2.job [2012.04.27 17:31:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.06.2012 22:49:41 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\thompson\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS
Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS
Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS
Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txt_auto_file] -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B04C7F6-9818-4DDA-AD4F-1A963297C77F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D1D5917-217B-416C-8BD9-7FB711966ABE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0DEBDE75-9EC9-4D95-A853-332A20FCDD11}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E5F2988-7F4E-4DF4-8D47-CF6807A6C6A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{270ED854-D8AF-4626-8F1E-4BB8EA5729A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2C6935A3-E83E-492C-A9E3-405A66063A41}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{2F46730A-9BDC-4151-BAA6-66C5B9B9814A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41954B97-7703-42C0-87FB-3637BBD95C57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4468E6C1-5500-4B24-85ED-EFD40107583E}" = lport=139 | protocol=6 | dir=in | app=system |
"{4AFFB243-D8DF-4210-A4DA-34C85AAE03EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5550C1F9-78F2-48C8-8FB1-71BD6214584E}" = lport=138 | protocol=17 | dir=in | app=system |
"{606EF82E-2B29-450C-BDEF-0EBD05589812}" = rport=139 | protocol=6 | dir=out | app=system |
"{61B1A9A2-DFAD-46F8-9244-4E54A0B1E6D7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{662A297D-D202-49EC-9F5B-E0737C6687E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66332F66-AADB-4639-A03C-DD94905F86E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D131D32-9C30-4C15-BAF8-DE72927347F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{737D4CFD-D3B9-49E2-ABF2-6F22EAED9F21}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{817387BE-243C-4183-AAFA-4E6D85084F0D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81C856A7-51E8-484B-A1DB-C94AD65A83A1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{909A1E57-5A5B-4E5A-919A-F9FA0FA151EE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{955CB305-F123-4D6E-AC75-791A97AF8B74}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9633B770-88F8-482F-8B80-DA421ED223E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1070D7F-92D0-4820-90C2-59AFF5E4D0BF}" = rport=138 | protocol=17 | dir=out | app=system |
"{A33F6D69-36ED-44C6-A4D3-D8557008F319}" = lport=19890 | protocol=6 | dir=in | name=emuleplus |
"{A4001F35-E0C1-4892-A7C5-BA50B0252C37}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5C64F44-85B3-4359-AAC7-DD1662325B8C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE63C12B-0234-4ADB-B924-D7E2BA7763B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFDAD47C-A6B5-43E3-BA34-C11D690A4ED0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C3DC3444-B13F-46E8-A384-569D987AAE71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5DEE29F-70FC-4201-B0CB-1BD3039F388C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA6DDBC1-8D8F-4535-BEC9-5E12C5A0187C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2E53249-8EF8-4712-AC31-98F7C3073B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7F91CF5-7583-4CFE-9060-4505C947421A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9D89E1B-4C02-4AC2-86C2-69231EC846F9}" = lport=19909 | protocol=17 | dir=in | name=emuleplus |
"{EA3F2ED8-09C4-40C0-99C8-3780A0474661}" = lport=137 | protocol=17 | dir=in | app=system |
"{F25E9886-5514-4645-A712-9A192A47001A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F75BE7C7-E2D8-4316-8573-CAF4CD08D11B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFA7A982-E1AE-4E94-A330-AC861133D8F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D64EF-B9FE-40E6-BD2D-3C43697357B9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{0095222B-49FB-47CD-B942-E796E3D4E1B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0EE0F716-5243-481E-9DBE-DE301C77FD92}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EFCC318-BAF9-4200-B112-CD72C6F997B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{108B7FC3-AC84-4901-A1D4-3129948B95B2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{15009CDB-E154-44FD-83CD-F95DE06FFB1E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{1C2BD388-0A6A-4F51-BCCD-CBF0AB5CCCF8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{1E8C2CB0-9ABF-4A11-9278-CC44BC429C29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{22A4B4CD-E099-479F-85D6-F1263528F0F7}" = dir=in | app=c:\users\thompson\appdata\local\temp\7zs686e\ojprol7x00_basic_13\setup\hpznui01.exe |
"{25619689-992A-4872-BFAD-494F8BB1A885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2701DA01-860D-49A0-94BC-5B9ED31D4E3A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{2A593A3B-FEAB-4C8A-9C9C-AEA90EB0002E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CA810FE-5A62-4156-9D3D-C2C68EC7A7C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DF01227-4090-4D22-BF27-A3DC8B93660A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3603DAE6-5AAF-4115-9404-1F618C77C58E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40CD558F-14F6-45F5-A45F-8FA06C179192}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56EEF153-0627-42C9-8EFC-772F69DF7BCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E0CDA8D-CCE8-4FC5-AD76-AEDFCDB38B5D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{60B75AB6-FE72-4FB4-9D12-93B53DD22377}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6217CE90-C322-414D-B5CE-A7487D8F92C3}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{6473E382-1984-46B5-A4E0-919D339FC38E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6844C55F-EA68-4E7C-A828-11A96F1A858A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6DDBAD2C-2049-474E-A942-B804812FE72C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{70076366-D992-4154-94B2-A82872F78D6F}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{7EBBB9ED-12A5-4069-88E1-FA41A07E7B9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81B21FCB-FA23-4CBC-8BE5-A5278BEA2410}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{84557E41-C43D-4F31-9DFD-C7AD860A0E2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{849691AC-EA0C-424A-A0EC-8C8060E86992}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{862660AF-B033-4028-9FCD-6ACB00E9243A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{906831B2-9034-4826-AC22-7C7EB65A30FE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{92FDCAC6-A73F-423E-8DF5-8BA7EEA1E407}" = protocol=6 | dir=out | app=system |
"{93BD79E4-2D16-4570-B84D-9B5590D44FFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9503D348-7ECA-4C8B-82D4-E5BD16F17D8D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"{97679506-53CB-471E-BC4D-7816EC89638D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9BC3337F-5A11-4F45-A30C-9C599E4D1C02}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{A2B102CF-C454-4B8B-A5D6-605B6DF0928F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4930D2B-B5F5-432A-A8AD-D2C616EE3699}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqfxt08.exe |
"{B047E94A-B6CC-4452-B9EE-0BD88CC887E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B5D10224-1CA7-427F-8A9B-66920B4B0971}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B6BFDC5F-7797-4E0D-B5FE-B3B7A14385F2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe |
"{B71061C8-EA07-4388-8CFF-5FCD072A918F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCD97137-0631-4CE7-B809-5F6E1701AAAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD066AB8-DBD1-451B-AA5D-C1E4F80A062A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{CDC4F102-02FF-460E-9816-2B2193C902B4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{D1C83DA8-0B44-46EE-AB8D-D83E9220171C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{D55C4518-B4AB-4030-9EE7-51837A12A871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D63D127B-4C7F-45BC-85A9-6A3E5823F7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DABB11A6-1E6B-4E30-8DF1-B6B4BFD5366D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E571B65F-F257-4610-B385-FF9293E60D4B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EA01F09F-9E56-412C-9DE4-161FB0200EAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC93B788-F539-4A49-A362-DB19C451BDD4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{ECC37AA2-1B72-492F-A412-AB0BAD0B62CA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{F05E2EE1-CA72-4F65-B4DB-DB5D9A5FF6BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F07FAF86-BB2F-48EB-8E41-23C1CE2B61A6}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{F2C2B075-79C9-4CE4-BC30-7FA3C8EDD3D1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe |
"{F6C35E85-DC03-49BA-A9A0-FC98755BB73C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAA0DC7E-3051-4690-BF55-30448CF99A2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe |
"{FE9A03E3-9D89-453C-A0DD-68ED1D3B892D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{0927750C-24F5-4F4C-8B34-34D2BDADF44E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{13C7E3AE-7517-4F3E-BE39-D2A4908A0CDE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{20C572A7-601F-4A4C-AF04-B8E7EF4D334F}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"TCP Query User{54018C2F-132C-4886-93DF-E33E83A28496}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BC7363E-35DF-4626-974A-3212BD46AE24}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{7C06C916-BD3C-434B-A3DC-2DBBCD390705}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"TCP Query User{7D9FB5A0-4D98-4E82-B6C2-5D3A458863D0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{07640177-23D2-47A5-9310-98AC2C1FB017}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe |
"UDP Query User{54BB9F6F-C267-4573-93B6-604F93E729D9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{954DB2AE-6A29-4F18-A30A-EB46F8E350F8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B7B2F9DC-C09A-4F86-9ECA-892C0ACD8FAE}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{C130A960-455C-4E73-BC0B-32B7D02EB576}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C98F21B8-05DC-467E-9D80-722188C04EE5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{D6C1EBBE-5A66-4BE8-AA3F-F0B94F6F9FF7}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BC91FE3-6BF9-F7B4-0FD2-FCAE4F9000D1}" = CCC Help Russian
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{118D05F0-7FF0-3E24-CD5F-DB5D57FE177F}" = Catalyst Control Center Localization Arabic
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1712D153-997A-606E-B6AF-4F681B74080D}" = Catalyst Control Center Localization Arabic
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{1736D2AA-3AFE-FDFD-CA71-70F1097065B4}" = Catalyst Control Center Localization Japanese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A19B4A3-6CE7-4388-B21F-679803C6C76B}" = TAXMAN 2009
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29
"{2868D89F-0E09-F510-786A-ED9CF373D250}" = CCC Help Finnish
"{298B9EAE-7A8B-5744-CAD4-67D9E711165A}" = CCC Help Czech
"{2A21D839-D33C-4538-9F2C-F34E23944C4F}" = Counting Calories
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D39B1D3-8D64-2375-F269-78525187D7B3}" = Catalyst Control Center Graphics Light
"{2E18F469-FA74-0A56-BC8C-367FA0CF4258}" = CCC Help Dutch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{3EC92206-C4A6-49CF-A272-92F75CB1D5F3}" = bpd_scan
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4125BA98-9BEE-4FF7-7082-115BFEB27226}" = CCC Help Norwegian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{459EE562-CABA-46F6-1CA4-938936A91936}" = CCC Help Danish
"{460255AF-48D3-1E9C-D8D7-298A99A0A678}" = Catalyst Control Center Localization Arabic
"{463B9920-5000-BE51-A871-35E2D45ED867}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01
"{50349CC6-93AF-4E38-BA37-AE5E34FC4AAC}" = Forum Submitter Pro Full
"{515D3E4C-ADC5-4DB4-A497-ADCF3007522E}" = Bookmark Submitter Pro 1.2
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{546D2C57-5303-BA1D-6331-5A3394DDD71B}" = Catalyst Control Center Localization German
"{565CD8A6-176B-1207-1240-722CEBA84724}" = Catalyst Control Center Core Implementation
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583CE6F6-ED34-F20F-3DC8-EFB0743B6DDA}" = CCC Help Hungarian
"{58730FDB-32C4-037A-5C90-48C6FB5DCFFE}" = Catalyst Control Center Graphics Full Existing
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A8B8118-1C13-48F1-81FB-A5101C2111A8}" = L7500
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{5D71E42B-EA8B-4B05-94F1-D5965495EAF1}_is1" = Easy Directory Preview 4.0
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{602BF11C-6893-5491-1DEB-7A6255201325}" = Catalyst Control Center Localization Korean
"{6112AB38-4403-07EE-AD4B-8F48118EBD6B}" = CCC Help Portuguese
"{617F8655-94E0-4634-9B32-2066B895E044}" = CCC Help Italian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61FEAA90-615B-4243-B7DA-075D0898C018}" = BPDSoftware
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{639A78A5-7657-91ED-2696-C370E144EC4F}" = Catalyst Control Center Localization Arabic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64E7BCC8-38B0-0E50-8E36-5CC1D7475D26}" = CCC Help Thai
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6DBC0F39-0463-9BC1-849C-0A0B2C204386}" = CCC Help Polish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{80A698BD-2A09-DB65-ADFD-A66A050FAE65}" = CCC Help Chinese Traditional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BFA0B2C-BA3B-0E8B-67BA-FA0410AA10D2}" = Catalyst Control Center Localization Chinese Traditional
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96950C03-3E2A-4A9F-8555-5D68AC86D6C9}" = PowerArchiver 2007
"{99B8D963-82E9-4062-8068-77FD918D34ED}" = ProductContext
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0EE0D2C-BEE9-B859-E463-458BE87B25AB}" = CCC Help Chinese Standard
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A219F6D7-D2AD-4DD5-AC31-C23AA2E18084}" = HP OfficeJet L7300/L7500/7600/7700
"{A4EB2CB5-192E-C901-49D7-27043E55F7B5}" = CCC Help Japanese
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6BFA328-0A46-42EF-B414-8B67E87A2B1F}" = 7500_7600_7700_Help
"{A7032E84-E2A2-4CB9-B9A2-37DC13AB3944}" = Branding
"{A7104E5E-1226-FFCC-1003-6C99365F1919}" = Catalyst Control Center Localization Arabic
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA0C1E1-8F39-4AB0-9283-78140537BB40}" = BPDSoftware_Ini
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC46B67D-DB12-E7E2-61F0-4B6435653F4D}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE21E4BF-CF54-B6BD-4B1C-138758D20273}" = Catalyst Control Center Localization Czech
"{B086C0BC-BAF1-5854-BC82-EFF6C87338F1}" = Catalyst Control Center Localization Arabic
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B696F009-553D-D952-B17E-177D4A39FA9D}" = CCC Help Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007
"{BA21A3B6-657B-A2F6-4F4A-F66C2E1BC4DB}" = CCC Help English
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1271FFE-3308-2DA1-BD86-9351A05F4ABF}" = Catalyst Control Center Localization Arabic
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C495CF53-757E-45B7-A7BB-6BBC78841482}" = Article Marketing Robot
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C75516AD-FF5B-E44A-D963-92D80550E489}" = Market Samurai
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9265D86-7D94-D0E1-75CF-7CC93446198E}" = Catalyst Control Center Localization Spanish
"{CB7E133A-3D83-2D77-D9CC-74EB98315C6A}" = Catalyst Control Center Localization French
"{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8B683E-D86A-E319-97B1-CF28B058A96F}" = CCC Help Spanish
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D475C927-0688-DC5B-E084-02A06E2E4A92}" = CCC Help Korean
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA66BD16-2521-BAB5-3B0C-6B815E6F2EA3}" = CCC Help Turkish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE8E01EF-B558-3F37-54FA-58E3E9AD9F99}" = Catalyst Control Center Localization Italian
"{E0381F29-0570-AD2D-2D20-163894482635}" = Catalyst Control Center Localization Greek
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007
"{E3B394BD-D7DD-4AEB-C58B-F3DD661118C2}" = Catalyst Control Center Localization Finnish
"{e3da6c6a-3208-4572-9441-971c22032624}" = Nero 9
"{E434651B-B1E6-D18A-F9DE-C4F6DEB6DF50}" = ccc-utility
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E505DA68-3442-5D45-2BD4-1AF0B6312E53}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E90BD770-3186-D20F-D208-9DBC1D56BA59}" = Skins
"{E952ACFA-0CEB-AAFF-BDA1-1B1F52822CDB}" = CCC Help French
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{EAFD70B2-FF28-45CD-B4F2-F99E82FD39A3}" = Steuer Update 14.01
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB964A30-1DCE-A5D4-3548-818813F134C5}" = Catalyst Control Center Localization Arabic
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE075733-8D73-953E-CFAE-608D78269724}" = CCC Help Greek
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D18300-5161-E74C-2148-99B03453F394}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F960CCDA-F7A0-3BE8-B30C-71BC8D4274E4}" = ccc-localization-da
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBED9ACC-AA03-19C2-D4F7-F055B6816EE8}" = Catalyst Control Center Localization Hungarian
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Directory Preview_is1" = Easy Directory Preview 2.1 (Update)
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free Studio_is1" = Free Studio version 4.8
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.1
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IBP10_is1" = IBP 10.4.1
"LogiEdit" = LogiEdit (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PSP Games Brettspiele_is1" = PSP Games Brettspiele
"RealPlayer 6.0" = RealPlayer
"seopowersuite" = LinkAssistant
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xtreme Forum Manager_is1" = Xtreme Forum Manager v2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.06.2012 12:47:06 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ac34783 ID des fehlerhaften
Prozesses: 0x1254 Startzeit der fehlerhaften Anwendung: 0x01cd554da3ff6170 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: e47d2cf0-c140-11e1-8ff6-001a92dea384
Error - 28.06.2012 12:52:36 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c1a7ed8 ID des fehlerhaften
Prozesses: 0x954 Startzeit der fehlerhaften Anwendung: 0x01cd554e6ac09360 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: a9670ea0-c141-11e1-8ff6-001a92dea384
Error - 28.06.2012 12:53:45 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c387ed8 ID des fehlerhaften
Prozesses: 0x894 Startzeit der fehlerhaften Anwendung: 0x01cd554e947bae60 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\IEXPLORE.EXE Pfad des
fehlerhaften Moduls: unknown Berichtskennung: d25a3620-c141-11e1-8ff6-001a92dea384
Error - 28.06.2012 13:01:15 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8cb44783 ID des fehlerhaften
Prozesses: 0x11a0 Startzeit der fehlerhaften Anwendung: 0x01cd554f9bef77c0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: deb95df0-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:01:46 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8c9f4783 ID des fehlerhaften
Prozesses: 0x14b0 Startzeit der fehlerhaften Anwendung: 0x01cd554fb2267ac0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: f122a780-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:02:10 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8d717ed8 ID des fehlerhaften
Prozesses: 0xf44 Startzeit der fehlerhaften Anwendung: 0x01cd554fc14c1aa0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: ff89d960-c142-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:08 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b927ed8 ID des fehlerhaften
Prozesses: 0x1510 Startzeit der fehlerhaften Anwendung: 0x01cd55502a3a4960 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 6976bb40-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:19 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ab54783 ID des fehlerhaften
Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01cd555031170020 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 6ffdc080-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:05:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ab54783 ID des fehlerhaften
Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0x01cd555031170020 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 728797e0-c143-11e1-a5f8-001a92dea384
Error - 28.06.2012 13:16:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8a6c7ed8 ID des fehlerhaften
Prozesses: 0x420 Startzeit der fehlerhaften Anwendung: 0x01cd5551bd952300 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: fc0c02c0-c144-11e1-a5f8-001a92dea384
[ System Events ]
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.28.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 thompson :: THOMPSON-PC [Administrator] Schutz: Deaktiviert 28.06.2012 19:11:45 mbam-log-2012-06-28 (19-11-45).txt Art des Suchlaufs: Flash-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P Durchsuchte Objekte: 149431 Laufzeit: 1 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Downloader) -> Daten: C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) über jegliche hilfe dankbar. |
|
29.06.2012, 16:41
| #2 |
| /// Malware-holic   | Google öffnet andere seiten als gewählt hi
__________________sind das alle Malwarebytes logs, falls nein, bitte poste alle, mit funden
__________________ |
|
29.06.2012, 16:49
| #3 |
| | Google öffnet andere seiten als gewählt hab noch mehr.
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.28.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 thompson :: THOMPSON-PC [Administrator] Schutz: Deaktiviert 28.06.2012 17:58:24 mbam-log-2012-06-28 (17-58-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 221241 Laufzeit: 7 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Downloader) -> Daten: C:\Users\thompson\AppData\Roaming\Identities\{45E7AEF3-8BAB-4A24-98BD-B97FEDA51020}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 18 C:\Users\thompson\AppData\Roaming\Identities\{45E7AEF3-8BAB-4A24-98BD-B97FEDA51020}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\F4D562590032C9340147612CB4EB23C1\F4D562590032C9340147612CB4EB23C1.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Adobe\{B4CE90A4-9B1E-4AFF-AED6-8190171B1E53}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Dropbox\{9802DCA7-6E17-4D3D-BA2F-D153662A8512}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Google Inc\{60703577-E697-42E4-B64C-B1B60F044291}\UpgradeHelper.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Google Inc\{6F474AA2-DFDB-4234-A460-610042BBC3B0}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\ICQ\{AD7FC14D-08B1-4EEB-85C9-3B1121518B92}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Identities\{B5E8A055-33D4-45E1-B067-1BD5967E15A4}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Opera\{D33E08DE-2561-4EBA-9E5F-C5E2803B45E5}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Skype\{1D793E54-078A-4287-91E2-F0819B953CBC}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Sun\{EDD7158C-BBDD-4FD4-AB22-559A0AE58C6C}\Validator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Sun\{F0DF645C-725F-4535-92D7-BFC59EAF421C}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\TeamViewer\{25E90160-E58F-4539-BAD8-33D158B43087}\UpgradeHelper.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\TeamViewer\{D29051E0-8A53-4BBF-8C3C-C7A0B3E1523D}\Validator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\TeamViewer\{D774BCDF-121A-422F-BE20-DA9B510E857F}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Windows Desktop Search\{654BA6C4-4009-46AA-9C41-A27093879E82}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Local\Temp\tempfiles.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.28.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 thompson :: THOMPSON-PC [Administrator] Schutz: Deaktiviert 28.06.2012 20:15:49 mbam-log-2012-06-28 (20-15-49).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 413806 Laufzeit: 1 Stunde(n), 38 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\thompson\AppData\Local\Xenocode\Sandbox\Bookmark Submitter Pro\1.2.927.2025\2009.12.28T18.39\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Bookmark Submitter Pro 1.2\SubmissionTool.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3e13fa51-32a6fd72 (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\thompson\AppData\Roaming\Identities\{77457CB0-B824-4DB7-9531-D8522153A258}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
29.06.2012, 18:44
| #4 |
| | Google öffnet andere seiten als gewählt noch etwas seltsames ist mir jetzt aufgefallen: teilweise existieren ordner mehrfach (einmal ohne zugriffsrechte und einmal normal). ich pack das mal als bild hier rein. vielleicht hilft es ja bei der klärung. |
|
29.06.2012, 18:49
| #5 |
| /// Malware-holic | Google öffnet andere seiten als gewählt das ist normal die sind normalerweise versteckt. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.06.2012, 20:33
| #6 |
| | Google öffnet andere seiten als gewählt anbei das log: Code:
ATTFilter 21:28:00.0808 4568 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:28:01.0038 4568 ============================================================
21:28:01.0038 4568 Current date / time: 2012/06/29 21:28:01.0038
21:28:01.0038 4568 SystemInfo:
21:28:01.0038 4568
21:28:01.0038 4568 OS Version: 6.1.7601 ServicePack: 1.0
21:28:01.0038 4568 Product type: Workstation
21:28:01.0038 4568 ComputerName: THOMPSON-PC
21:28:01.0038 4568 UserName: thompson
21:28:01.0038 4568 Windows directory: C:\Windows
21:28:01.0038 4568 System windows directory: C:\Windows
21:28:01.0038 4568 Processor architecture: Intel x86
21:28:01.0038 4568 Number of processors: 2
21:28:01.0038 4568 Page size: 0x1000
21:28:01.0038 4568 Boot type: Normal boot
21:28:01.0038 4568 ============================================================
21:28:01.0571 4568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:28:01.0602 4568 ============================================================
21:28:01.0602 4568 \Device\Harddisk0\DR0:
21:28:01.0602 4568 MBR partitions:
21:28:01.0602 4568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D429C81
21:28:01.0602 4568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D42A000, BlocksNum 0x1C32B000
21:28:01.0602 4568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x397554C0, BlocksNum 0xC2BB70
21:28:01.0602 4568 ============================================================
21:28:01.0634 4568 C: <-> \Device\Harddisk0\DR0\Partition0
21:28:01.0680 4568 D: <-> \Device\Harddisk0\DR0\Partition2
21:28:01.0712 4568 K: <-> \Device\Harddisk0\DR0\Partition1
21:28:01.0727 4568 ============================================================
21:28:01.0727 4568 Initialize success
21:28:01.0727 4568 ============================================================
21:28:38.0822 5272 ============================================================
21:28:38.0822 5272 Scan started
21:28:38.0822 5272 Mode: Manual; SigCheck; TDLFS;
21:28:38.0822 5272 ============================================================
21:28:40.0148 5272 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:28:40.0226 5272 1394ohci - ok
21:28:40.0257 5272 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
21:28:40.0335 5272 61883 - ok
21:28:40.0366 5272 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:28:40.0382 5272 ACPI - ok
21:28:40.0413 5272 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:28:40.0475 5272 AcpiPmi - ok
21:28:40.0569 5272 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:28:40.0584 5272 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:28:40.0584 5272 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:28:40.0709 5272 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:40.0725 5272 AdobeFlashPlayerUpdateSvc - ok
21:28:40.0787 5272 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:40.0818 5272 adp94xx - ok
21:28:40.0850 5272 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:28:40.0865 5272 adpahci - ok
21:28:40.0881 5272 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:28:40.0881 5272 adpu320 - ok
21:28:40.0928 5272 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:28:40.0974 5272 AeLookupSvc - ok
21:28:41.0021 5272 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:28:41.0068 5272 AFD - ok
21:28:41.0099 5272 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:28:41.0099 5272 agp440 - ok
21:28:41.0177 5272 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:28:41.0193 5272 aic78xx - ok
21:28:41.0224 5272 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:28:41.0271 5272 ALG - ok
21:28:41.0302 5272 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:28:41.0318 5272 aliide - ok
21:28:41.0333 5272 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:28:41.0349 5272 amdagp - ok
21:28:41.0364 5272 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:28:41.0364 5272 amdide - ok
21:28:41.0396 5272 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:28:41.0427 5272 AmdK8 - ok
21:28:41.0458 5272 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:28:41.0489 5272 AmdPPM - ok
21:28:41.0520 5272 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:28:41.0536 5272 amdsata - ok
21:28:41.0552 5272 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:41.0567 5272 amdsbs - ok
21:28:41.0583 5272 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:28:41.0583 5272 amdxata - ok
21:28:41.0692 5272 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:41.0723 5272 AntiVirSchedulerService - ok
21:28:41.0770 5272 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:41.0786 5272 AntiVirService - ok
21:28:41.0832 5272 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:28:41.0957 5272 AppID - ok
21:28:42.0004 5272 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:28:42.0035 5272 AppIDSvc - ok
21:28:42.0098 5272 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:28:42.0176 5272 Appinfo - ok
21:28:42.0285 5272 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:28:42.0285 5272 Apple Mobile Device - ok
21:28:42.0332 5272 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:28:42.0347 5272 arc - ok
21:28:42.0363 5272 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:28:42.0363 5272 arcsas - ok
21:28:42.0394 5272 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:42.0472 5272 AsyncMac - ok
21:28:42.0503 5272 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:28:42.0519 5272 atapi - ok
21:28:42.0566 5272 athr (614a60aee03a6151fdcbac295854a9cb) C:\Windows\system32\DRIVERS\athr.sys
21:28:42.0644 5272 athr - ok
21:28:42.0846 5272 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
21:28:42.0971 5272 atikmdag - ok
21:28:43.0112 5272 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:28:43.0174 5272 AudioEndpointBuilder - ok
21:28:43.0174 5272 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:28:43.0205 5272 Audiosrv - ok
21:28:43.0283 5272 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
21:28:43.0330 5272 Avc - ok
21:28:43.0408 5272 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:43.0424 5272 avgntflt - ok
21:28:43.0470 5272 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:28:43.0486 5272 avipbb - ok
21:28:43.0517 5272 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:43.0533 5272 avkmgr - ok
21:28:43.0595 5272 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:28:43.0658 5272 AxInstSV - ok
21:28:43.0704 5272 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:43.0751 5272 b06bdrv - ok
21:28:43.0782 5272 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:43.0829 5272 b57nd60x - ok
21:28:43.0860 5272 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:28:43.0892 5272 BDESVC - ok
21:28:43.0923 5272 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:28:43.0985 5272 Beep - ok
21:28:44.0032 5272 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:28:44.0079 5272 BFE - ok
21:28:44.0110 5272 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:28:44.0172 5272 BITS - ok
21:28:44.0204 5272 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:44.0235 5272 blbdrive - ok
21:28:44.0344 5272 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:28:44.0391 5272 Bonjour Service - ok
21:28:44.0438 5272 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:28:44.0469 5272 bowser - ok
21:28:44.0484 5272 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:44.0516 5272 BrFiltLo - ok
21:28:44.0547 5272 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:44.0578 5272 BrFiltUp - ok
21:28:44.0640 5272 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:28:44.0656 5272 Browser - ok
21:28:44.0703 5272 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:28:44.0734 5272 Brserid - ok
21:28:44.0750 5272 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:44.0765 5272 BrSerWdm - ok
21:28:44.0796 5272 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:44.0828 5272 BrUsbMdm - ok
21:28:44.0843 5272 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:44.0874 5272 BrUsbSer - ok
21:28:44.0890 5272 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:44.0906 5272 BTHMODEM - ok
21:28:44.0968 5272 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:28:45.0062 5272 bthserv - ok
21:28:45.0093 5272 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:28:45.0124 5272 cdfs - ok
21:28:45.0155 5272 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:28:45.0186 5272 cdrom - ok
21:28:45.0249 5272 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:28:45.0264 5272 CertPropSvc - ok
21:28:45.0296 5272 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:28:45.0311 5272 circlass - ok
21:28:45.0358 5272 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:28:45.0374 5272 CLFS - ok
21:28:45.0483 5272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:45.0514 5272 clr_optimization_v2.0.50727_32 - ok
21:28:45.0561 5272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:45.0576 5272 clr_optimization_v4.0.30319_32 - ok
21:28:45.0608 5272 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:45.0608 5272 CmBatt - ok
21:28:45.0639 5272 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:28:45.0654 5272 cmdide - ok
21:28:45.0686 5272 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:28:45.0732 5272 CNG - ok
21:28:45.0764 5272 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:28:45.0764 5272 Compbatt - ok
21:28:45.0779 5272 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:28:45.0810 5272 CompositeBus - ok
21:28:45.0826 5272 COMSysApp - ok
21:28:45.0857 5272 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:45.0857 5272 crcdisk - ok
21:28:45.0920 5272 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:28:45.0982 5272 CryptSvc - ok
21:28:46.0013 5272 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
21:28:46.0060 5272 dc3d - ok
21:28:46.0107 5272 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:28:46.0185 5272 DcomLaunch - ok
21:28:46.0232 5272 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:28:46.0278 5272 defragsvc - ok
21:28:46.0310 5272 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:28:46.0356 5272 DfsC - ok
21:28:46.0403 5272 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:28:46.0450 5272 Dhcp - ok
21:28:46.0481 5272 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:28:46.0512 5272 discache - ok
21:28:46.0544 5272 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:28:46.0559 5272 Disk - ok
21:28:46.0575 5272 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:28:46.0637 5272 Dnscache - ok
21:28:46.0684 5272 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:28:46.0746 5272 dot3svc - ok
21:28:46.0793 5272 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:28:46.0824 5272 DPS - ok
21:28:46.0871 5272 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:28:46.0902 5272 drmkaud - ok
21:28:46.0934 5272 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:28:46.0965 5272 DXGKrnl - ok
21:28:46.0996 5272 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:28:47.0043 5272 EapHost - ok
21:28:47.0168 5272 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:28:47.0292 5272 ebdrv - ok
21:28:47.0417 5272 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:28:47.0464 5272 EFS - ok
21:28:47.0526 5272 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:28:47.0604 5272 ehRecvr - ok
21:28:47.0636 5272 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:28:47.0698 5272 ehSched - ok
21:28:47.0776 5272 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\Windows\system32\Drivers\ElbyCDFL.sys
21:28:47.0792 5272 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
21:28:47.0792 5272 ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
21:28:47.0807 5272 ElbyCDIO (084a13f18856d610d44d3109a9d2acde) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:28:47.0838 5272 ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
21:28:47.0838 5272 ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
21:28:47.0885 5272 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:28:47.0916 5272 elxstor - ok
21:28:47.0932 5272 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:28:47.0963 5272 ErrDev - ok
21:28:48.0026 5272 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:28:48.0072 5272 EventSystem - ok
21:28:48.0088 5272 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:28:48.0150 5272 exfat - ok
21:28:48.0182 5272 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:28:48.0228 5272 fastfat - ok
21:28:48.0306 5272 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:28:48.0384 5272 Fax - ok
21:28:48.0416 5272 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:28:48.0447 5272 fdc - ok
21:28:48.0462 5272 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:28:48.0494 5272 fdPHost - ok
21:28:48.0525 5272 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:28:48.0572 5272 FDResPub - ok
21:28:48.0587 5272 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:28:48.0603 5272 FileInfo - ok
21:28:48.0618 5272 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:28:48.0650 5272 Filetrace - ok
21:28:48.0743 5272 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:28:48.0774 5272 FLEXnet Licensing Service - ok
21:28:48.0821 5272 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:48.0821 5272 flpydisk - ok
21:28:48.0852 5272 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:28:48.0868 5272 FltMgr - ok
21:28:48.0915 5272 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:28:48.0977 5272 FontCache - ok
21:28:49.0086 5272 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:49.0102 5272 FontCache3.0.0.0 - ok
21:28:49.0149 5272 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:28:49.0149 5272 FsDepends - ok
21:28:49.0180 5272 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:28:49.0196 5272 Fs_Rec - ok
21:28:49.0242 5272 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:28:49.0258 5272 fvevol - ok
21:28:49.0274 5272 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:49.0289 5272 gagp30kx - ok
21:28:49.0320 5272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:28:49.0336 5272 GEARAspiWDM - ok
21:28:49.0383 5272 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:28:49.0430 5272 gpsvc - ok
21:28:49.0554 5272 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:49.0586 5272 gupdate - ok
21:28:49.0601 5272 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:49.0617 5272 gupdatem - ok
21:28:49.0648 5272 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:49.0679 5272 gusvc - ok
21:28:49.0726 5272 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:28:49.0757 5272 hcw85cir - ok
21:28:49.0788 5272 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:28:49.0820 5272 HDAudBus - ok
21:28:49.0835 5272 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:49.0866 5272 HidBatt - ok
21:28:49.0898 5272 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:28:49.0929 5272 HidBth - ok
21:28:49.0944 5272 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:28:49.0976 5272 HidIr - ok
21:28:50.0022 5272 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:28:50.0069 5272 hidserv - ok
21:28:50.0100 5272 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:50.0132 5272 HidUsb - ok
21:28:50.0147 5272 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:28:50.0194 5272 hkmsvc - ok
21:28:50.0225 5272 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:28:50.0272 5272 HomeGroupListener - ok
21:28:50.0319 5272 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:28:50.0334 5272 HomeGroupProvider - ok
21:28:50.0412 5272 hpqcxs08 (08457d8f8149757c70cea59c71ec5d27) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
21:28:50.0412 5272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0412 5272 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:28:50.0444 5272 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
21:28:50.0475 5272 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0475 5272 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:28:50.0490 5272 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:28:50.0506 5272 HpSAMD - ok
21:28:50.0553 5272 HPSLPSVC (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
21:28:50.0584 5272 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0584 5272 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:28:50.0646 5272 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:28:50.0709 5272 HTTP - ok
21:28:50.0740 5272 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:28:50.0756 5272 hwpolicy - ok
21:28:50.0771 5272 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:28:50.0802 5272 i8042prt - ok
21:28:50.0834 5272 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:28:50.0849 5272 iaStorV - ok
21:28:50.0958 5272 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:28:50.0974 5272 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0974 5272 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:28:51.0114 5272 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:51.0161 5272 idsvc - ok
21:28:51.0302 5272 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:28:51.0302 5272 iirsp - ok
21:28:51.0364 5272 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:28:51.0411 5272 IKEEXT - ok
21:28:51.0536 5272 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
21:28:51.0614 5272 IntcAzAudAddService - ok
21:28:51.0692 5272 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:28:51.0707 5272 intelide - ok
21:28:51.0738 5272 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:51.0770 5272 intelppm - ok
21:28:51.0801 5272 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:28:51.0832 5272 IPBusEnum - ok
21:28:51.0848 5272 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:51.0926 5272 IpFilterDriver - ok
21:28:52.0004 5272 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:28:52.0050 5272 iphlpsvc - ok
21:28:52.0066 5272 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:28:52.0097 5272 IPMIDRV - ok
21:28:52.0128 5272 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:28:52.0160 5272 IPNAT - ok
21:28:52.0269 5272 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:28:52.0300 5272 iPod Service - ok
21:28:52.0331 5272 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:28:52.0362 5272 IRENUM - ok
21:28:52.0378 5272 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:28:52.0394 5272 isapnp - ok
21:28:52.0425 5272 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:28:52.0440 5272 iScsiPrt - ok
21:28:52.0456 5272 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:52.0472 5272 kbdclass - ok
21:28:52.0487 5272 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:28:52.0503 5272 kbdhid - ok
21:28:52.0550 5272 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:52.0565 5272 KeyIso - ok
21:28:52.0596 5272 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:28:52.0612 5272 KSecDD - ok
21:28:52.0643 5272 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:28:52.0659 5272 KSecPkg - ok
21:28:52.0690 5272 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:28:52.0752 5272 KtmRm - ok
21:28:52.0815 5272 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:28:52.0846 5272 LanmanServer - ok
21:28:52.0893 5272 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:28:52.0924 5272 LanmanWorkstation - ok
21:28:53.0049 5272 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:28:53.0080 5272 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:28:53.0080 5272 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:28:53.0127 5272 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:28:53.0189 5272 lltdio - ok
21:28:53.0236 5272 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:28:53.0314 5272 lltdsvc - ok
21:28:53.0330 5272 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:28:53.0361 5272 lmhosts - ok
21:28:53.0408 5272 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:28:53.0423 5272 LSI_FC - ok
21:28:53.0439 5272 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:28:53.0454 5272 LSI_SAS - ok
21:28:53.0454 5272 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:28:53.0470 5272 LSI_SAS2 - ok
21:28:53.0501 5272 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:28:53.0501 5272 LSI_SCSI - ok
21:28:53.0517 5272 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:28:53.0548 5272 luafv - ok
21:28:53.0579 5272 MBAMProtector - ok
21:28:53.0657 5272 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:28:53.0720 5272 MBAMService - ok
21:28:53.0782 5272 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:28:53.0798 5272 Mcx2Svc - ok
21:28:53.0813 5272 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:28:53.0829 5272 megasas - ok
21:28:53.0860 5272 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:28:53.0876 5272 MegaSR - ok
21:28:53.0922 5272 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:28:53.0969 5272 MMCSS - ok
21:28:53.0985 5272 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:28:54.0016 5272 Modem - ok
21:28:54.0047 5272 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:28:54.0078 5272 monitor - ok
21:28:54.0110 5272 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:28:54.0125 5272 mouclass - ok
21:28:54.0141 5272 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:54.0172 5272 mouhid - ok
21:28:54.0219 5272 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:28:54.0234 5272 mountmgr - ok
21:28:54.0328 5272 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:54.0359 5272 MozillaMaintenance - ok
21:28:54.0375 5272 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:28:54.0390 5272 mpio - ok
21:28:54.0422 5272 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:28:54.0468 5272 mpsdrv - ok
21:28:54.0500 5272 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:28:54.0562 5272 MpsSvc - ok
21:28:54.0593 5272 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:28:54.0624 5272 MRxDAV - ok
21:28:54.0671 5272 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:54.0702 5272 mrxsmb - ok
21:28:54.0718 5272 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:54.0734 5272 mrxsmb10 - ok
21:28:54.0749 5272 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:54.0780 5272 mrxsmb20 - ok
21:28:54.0796 5272 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:28:54.0812 5272 msahci - ok
21:28:54.0843 5272 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:28:54.0843 5272 msdsm - ok
21:28:54.0874 5272 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:28:54.0921 5272 MSDTC - ok
21:28:54.0952 5272 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
21:28:54.0999 5272 MSDV - ok
21:28:55.0030 5272 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:28:55.0046 5272 Msfs - ok
21:28:55.0061 5272 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:28:55.0092 5272 mshidkmdf - ok
21:28:55.0108 5272 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:28:55.0108 5272 msisadrv - ok
21:28:55.0155 5272 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:28:55.0202 5272 MSiSCSI - ok
21:28:55.0217 5272 msiserver - ok
21:28:55.0248 5272 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:55.0326 5272 MSKSSRV - ok
21:28:55.0358 5272 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:55.0420 5272 MSPCLOCK - ok
21:28:55.0451 5272 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:28:55.0482 5272 MSPQM - ok
21:28:55.0498 5272 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:28:55.0514 5272 MsRPC - ok
21:28:55.0545 5272 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:28:55.0545 5272 mssmbios - ok
21:28:55.0576 5272 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:28:55.0592 5272 MSTEE - ok
21:28:55.0623 5272 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:28:55.0638 5272 MTConfig - ok
21:28:55.0654 5272 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:28:55.0654 5272 Mup - ok
21:28:55.0701 5272 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:28:55.0748 5272 napagent - ok
21:28:55.0779 5272 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:55.0810 5272 NativeWifiP - ok
21:28:55.0857 5272 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:28:55.0872 5272 NDIS - ok
21:28:55.0888 5272 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:55.0904 5272 NdisCap - ok
21:28:55.0935 5272 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:55.0966 5272 NdisTapi - ok
21:28:56.0013 5272 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:56.0075 5272 Ndisuio - ok
21:28:56.0122 5272 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:56.0184 5272 NdisWan - ok
21:28:56.0216 5272 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:28:56.0247 5272 NDProxy - ok
21:28:56.0434 5272 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:28:56.0465 5272 Nero BackItUp Scheduler 4.0 - ok
21:28:56.0496 5272 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
21:28:56.0496 5272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:28:56.0496 5272 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:28:56.0543 5272 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:28:56.0574 5272 NetBIOS - ok
21:28:56.0606 5272 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:28:56.0652 5272 NetBT - ok
21:28:56.0684 5272 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:56.0699 5272 Netlogon - ok
21:28:56.0730 5272 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:28:56.0777 5272 Netman - ok
21:28:56.0808 5272 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:28:56.0855 5272 netprofm - ok
21:28:56.0933 5272 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:56.0964 5272 NetTcpPortSharing - ok
21:28:56.0996 5272 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:28:57.0027 5272 nfrd960 - ok
21:28:57.0074 5272 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:28:57.0120 5272 NlaSvc - ok
21:28:57.0136 5272 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:28:57.0167 5272 Npfs - ok
21:28:57.0183 5272 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:28:57.0214 5272 nsi - ok
21:28:57.0230 5272 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:28:57.0261 5272 nsiproxy - ok
21:28:57.0323 5272 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:28:57.0370 5272 Ntfs - ok
21:28:57.0401 5272 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:28:57.0432 5272 Null - ok
21:28:57.0479 5272 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
21:28:57.0495 5272 NVENETFD - ok
21:28:57.0526 5272 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
21:28:57.0542 5272 NVNET - ok
21:28:57.0573 5272 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:28:57.0573 5272 nvraid - ok
21:28:57.0620 5272 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\DRIVERS\nvrd32.sys
21:28:57.0635 5272 nvrd32 - ok
21:28:57.0651 5272 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:28:57.0666 5272 nvstor - ok
21:28:57.0698 5272 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
21:28:57.0713 5272 nvstor32 - ok
21:28:57.0729 5272 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:28:57.0744 5272 nv_agp - ok
21:28:57.0760 5272 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:28:57.0791 5272 ohci1394 - ok
21:28:57.0854 5272 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:57.0869 5272 ose - ok
21:28:58.0041 5272 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:28:58.0181 5272 osppsvc - ok
21:28:58.0306 5272 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:28:58.0368 5272 p2pimsvc - ok
21:28:58.0415 5272 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:28:58.0446 5272 p2psvc - ok
21:28:58.0524 5272 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:28:58.0556 5272 Parport - ok
21:28:58.0587 5272 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:28:58.0587 5272 partmgr - ok
21:28:58.0618 5272 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:28:58.0649 5272 Parvdm - ok
21:28:58.0665 5272 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:28:58.0680 5272 PcaSvc - ok
21:28:58.0712 5272 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:28:58.0727 5272 pci - ok
21:28:58.0727 5272 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:28:58.0743 5272 pciide - ok
21:28:58.0774 5272 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:58.0790 5272 pcmcia - ok
21:28:58.0805 5272 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:28:58.0821 5272 pcw - ok
21:28:58.0852 5272 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:28:58.0899 5272 PEAUTH - ok
21:28:59.0008 5272 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:28:59.0133 5272 pla - ok
21:28:59.0242 5272 PLFlash DeviceIoControl Service (86b49480d4d9f24bd52976a90171d676) C:\Windows\system32\IoctlSvc.exe
21:28:59.0242 5272 PLFlash DeviceIoControl Service - ok
21:28:59.0289 5272 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:28:59.0336 5272 PlugPlay - ok
21:28:59.0367 5272 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
21:28:59.0367 5272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:28:59.0367 5272 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:28:59.0398 5272 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:28:59.0429 5272 PNRPAutoReg - ok
21:28:59.0460 5272 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:28:59.0476 5272 PNRPsvc - ok
21:28:59.0538 5272 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
21:28:59.0554 5272 Point32 - ok
21:28:59.0585 5272 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:28:59.0632 5272 PolicyAgent - ok
21:28:59.0663 5272 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:28:59.0694 5272 Power - ok
21:28:59.0726 5272 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:59.0772 5272 PptpMiniport - ok
21:28:59.0788 5272 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:28:59.0819 5272 Processor - ok
21:28:59.0866 5272 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:28:59.0913 5272 ProfSvc - ok
21:28:59.0944 5272 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:59.0975 5272 ProtectedStorage - ok
21:29:00.0006 5272 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
21:29:00.0006 5272 Ps2 ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0006 5272 Ps2 - detected UnsignedFile.Multi.Generic (1)
21:29:00.0053 5272 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:29:00.0100 5272 Psched - ok
21:29:00.0131 5272 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
21:29:00.0147 5272 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0147 5272 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:29:00.0178 5272 qjhgdi (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\rlhwrpj.sys
21:29:00.0194 5272 qjhgdi ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0194 5272 qjhgdi - detected UnsignedFile.Multi.Generic (1)
21:29:00.0240 5272 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:00.0287 5272 ql2300 - ok
21:29:00.0428 5272 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:00.0459 5272 ql40xx - ok
21:29:00.0490 5272 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:29:00.0537 5272 QWAVE - ok
21:29:00.0552 5272 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:29:00.0584 5272 QWAVEdrv - ok
21:29:00.0646 5272 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
21:29:00.0662 5272 RapiMgr - ok
21:29:00.0677 5272 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:00.0708 5272 RasAcd - ok
21:29:00.0755 5272 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:00.0786 5272 RasAgileVpn - ok
21:29:00.0802 5272 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:29:00.0833 5272 RasAuto - ok
21:29:00.0864 5272 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:00.0896 5272 Rasl2tp - ok
21:29:00.0958 5272 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:29:01.0036 5272 RasMan - ok
21:29:01.0067 5272 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:01.0114 5272 RasPppoe - ok
21:29:01.0130 5272 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:01.0176 5272 RasSstp - ok
21:29:01.0223 5272 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:01.0270 5272 rdbss - ok
21:29:01.0286 5272 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:01.0301 5272 rdpbus - ok
21:29:01.0332 5272 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:01.0364 5272 RDPCDD - ok
21:29:01.0379 5272 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:29:01.0410 5272 RDPENCDD - ok
21:29:01.0426 5272 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:29:01.0488 5272 RDPREFMP - ok
21:29:01.0520 5272 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:29:01.0566 5272 RDPWD - ok
21:29:01.0629 5272 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:29:01.0644 5272 rdyboost - ok
21:29:01.0676 5272 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:29:01.0722 5272 RemoteAccess - ok
21:29:01.0754 5272 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:29:01.0800 5272 RemoteRegistry - ok
21:29:01.0925 5272 RoxMediaDB9 (00f3e30d63078fc4b543c32fd7337a7b) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:29:01.0956 5272 RoxMediaDB9 - ok
21:29:01.0988 5272 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:29:02.0019 5272 RpcEptMapper - ok
21:29:02.0050 5272 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:29:02.0081 5272 RpcLocator - ok
21:29:02.0112 5272 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:02.0144 5272 RpcSs - ok
21:29:02.0237 5272 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:02.0284 5272 rspndr - ok
21:29:02.0315 5272 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:02.0315 5272 SamSs - ok
21:29:02.0362 5272 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:29:02.0362 5272 sbp2port - ok
21:29:02.0378 5272 SBRE - ok
21:29:02.0409 5272 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:29:02.0440 5272 SCardSvr - ok
21:29:02.0471 5272 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:02.0518 5272 scfilter - ok
21:29:02.0565 5272 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:29:02.0596 5272 Schedule - ok
21:29:02.0627 5272 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:02.0658 5272 SCPolicySvc - ok
21:29:02.0690 5272 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:29:02.0752 5272 SDRSVC - ok
21:29:02.0799 5272 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:29:02.0877 5272 secdrv - ok
21:29:02.0892 5272 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:29:02.0939 5272 seclogon - ok
21:29:02.0970 5272 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:29:03.0002 5272 SENS - ok
21:29:03.0033 5272 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:29:03.0064 5272 SensrSvc - ok
21:29:03.0095 5272 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:29:03.0126 5272 Serenum - ok
21:29:03.0189 5272 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:29:03.0204 5272 Serial - ok
21:29:03.0251 5272 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:03.0251 5272 sermouse - ok
21:29:03.0314 5272 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:29:03.0392 5272 SessionEnv - ok
21:29:03.0407 5272 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:29:03.0438 5272 sffdisk - ok
21:29:03.0454 5272 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:03.0470 5272 sffp_mmc - ok
21:29:03.0485 5272 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:29:03.0485 5272 sffp_sd - ok
21:29:03.0516 5272 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:03.0532 5272 sfloppy - ok
21:29:03.0579 5272 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:29:03.0626 5272 SharedAccess - ok
21:29:03.0672 5272 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:29:03.0704 5272 ShellHWDetection - ok
21:29:03.0719 5272 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:29:03.0735 5272 sisagp - ok
21:29:03.0750 5272 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:03.0766 5272 SiSRaid2 - ok
21:29:03.0797 5272 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:03.0797 5272 SiSRaid4 - ok
21:29:03.0828 5272 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:29:03.0860 5272 Smb - ok
21:29:03.0906 5272 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:29:03.0938 5272 SNMPTRAP - ok
21:29:03.0969 5272 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:29:03.0984 5272 spldr - ok
21:29:04.0031 5272 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:29:04.0078 5272 Spooler - ok
21:29:04.0187 5272 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:29:04.0265 5272 sppsvc - ok
21:29:04.0374 5272 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:29:04.0452 5272 sppuinotify - ok
21:29:04.0515 5272 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:29:04.0577 5272 srv - ok
21:29:04.0608 5272 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:29:04.0640 5272 srv2 - ok
21:29:04.0671 5272 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:04.0686 5272 srvnet - ok
21:29:04.0733 5272 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:29:04.0796 5272 SSDPSRV - ok
21:29:04.0827 5272 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:04.0827 5272 ssmdrv - ok
21:29:04.0858 5272 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:29:04.0905 5272 SstpSvc - ok
21:29:04.0936 5272 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:04.0952 5272 stexstor - ok
21:29:04.0983 5272 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
21:29:04.0998 5272 StillCam - ok
21:29:05.0061 5272 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:29:05.0108 5272 StiSvc - ok
21:29:05.0201 5272 stllssvr (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:29:05.0232 5272 stllssvr - ok
21:29:05.0248 5272 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:29:05.0264 5272 swenum - ok
21:29:05.0310 5272 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:29:05.0342 5272 swprv - ok
21:29:05.0404 5272 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:29:05.0451 5272 SysMain - ok
21:29:05.0482 5272 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:29:05.0498 5272 TabletInputService - ok
21:29:05.0544 5272 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:29:05.0607 5272 TapiSrv - ok
21:29:05.0669 5272 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:29:05.0732 5272 TBS - ok
21:29:05.0841 5272 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:29:05.0903 5272 Tcpip - ok
21:29:05.0903 5272 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:05.0950 5272 TCPIP6 - ok
21:29:05.0981 5272 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:29:06.0028 5272 tcpipreg - ok
21:29:06.0044 5272 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:29:06.0106 5272 TDPIPE - ok
21:29:06.0122 5272 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:29:06.0168 5272 TDTCP - ok
21:29:06.0200 5272 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:29:06.0246 5272 tdx - ok
21:29:06.0278 5272 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:29:06.0293 5272 TermDD - ok
21:29:06.0340 5272 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:29:06.0402 5272 TermService - ok
21:29:06.0434 5272 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:29:06.0449 5272 Themes - ok
21:29:06.0480 5272 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:06.0512 5272 THREADORDER - ok
21:29:06.0527 5272 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:29:06.0574 5272 TrkWks - ok
21:29:06.0636 5272 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:29:06.0714 5272 TrustedInstaller - ok
21:29:06.0761 5272 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:06.0777 5272 tssecsrv - ok
21:29:06.0824 5272 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:29:06.0839 5272 TsUsbFlt - ok
21:29:06.0902 5272 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:06.0933 5272 tunnel - ok
21:29:06.0964 5272 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:06.0980 5272 uagp35 - ok
21:29:07.0026 5272 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:29:07.0104 5272 udfs - ok
21:29:07.0136 5272 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:29:07.0182 5272 UI0Detect - ok
21:29:07.0198 5272 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:29:07.0214 5272 uliagpkx - ok
21:29:07.0245 5272 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:29:07.0260 5272 umbus - ok
21:29:07.0276 5272 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:29:07.0292 5272 UmPass - ok
21:29:07.0323 5272 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:29:07.0354 5272 upnphost - ok
21:29:07.0401 5272 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:29:07.0432 5272 USBAAPL - ok
21:29:07.0448 5272 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:07.0479 5272 usbccgp - ok
21:29:07.0479 5272 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:29:07.0510 5272 usbcir - ok
21:29:07.0541 5272 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:07.0557 5272 usbehci - ok
21:29:07.0572 5272 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:07.0588 5272 usbhub - ok
21:29:07.0604 5272 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
21:29:07.0650 5272 usbohci - ok
21:29:07.0682 5272 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:07.0713 5272 usbprint - ok
21:29:07.0728 5272 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:07.0775 5272 USBSTOR - ok
21:29:07.0791 5272 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:29:07.0838 5272 usbuhci - ok
21:29:07.0869 5272 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
21:29:07.0869 5272 usb_rndisx - ok
21:29:07.0916 5272 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:29:07.0931 5272 UxSms - ok
21:29:07.0962 5272 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:07.0978 5272 VaultSvc - ok
21:29:08.0009 5272 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:29:08.0025 5272 vdrvroot - ok
21:29:08.0072 5272 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:29:08.0103 5272 vds - ok
21:29:08.0134 5272 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:08.0165 5272 vga - ok
21:29:08.0181 5272 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:29:08.0228 5272 VgaSave - ok
21:29:08.0243 5272 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:29:08.0259 5272 vhdmp - ok
21:29:08.0274 5272 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:29:08.0290 5272 viaagp - ok
21:29:08.0306 5272 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:29:08.0337 5272 ViaC7 - ok
21:29:08.0352 5272 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:29:08.0368 5272 viaide - ok
21:29:08.0384 5272 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:29:08.0399 5272 volmgr - ok
21:29:08.0430 5272 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:29:08.0446 5272 volmgrx - ok
21:29:08.0462 5272 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:29:08.0477 5272 volsnap - ok
21:29:08.0493 5272 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:08.0508 5272 vsmraid - ok
21:29:08.0571 5272 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:29:08.0618 5272 VSS - ok
21:29:08.0633 5272 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:08.0664 5272 vwifibus - ok
21:29:08.0696 5272 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:08.0711 5272 vwififlt - ok
21:29:08.0758 5272 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:29:08.0789 5272 W32Time - ok
21:29:08.0805 5272 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:08.0852 5272 WacomPen - ok
21:29:08.0914 5272 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:08.0961 5272 WANARP - ok
21:29:08.0961 5272 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:08.0992 5272 Wanarpv6 - ok
21:29:09.0054 5272 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:29:09.0132 5272 wbengine - ok
21:29:09.0164 5272 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:29:09.0195 5272 WbioSrvc - ok
21:29:09.0242 5272 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
21:29:09.0273 5272 WcesComm - ok
21:29:09.0320 5272 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:29:09.0366 5272 wcncsvc - ok
21:29:09.0382 5272 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:29:09.0444 5272 WcsPlugInService - ok
21:29:09.0507 5272 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:29:09.0538 5272 Wd - ok
21:29:09.0569 5272 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:29:09.0600 5272 Wdf01000 - ok
21:29:09.0600 5272 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:09.0678 5272 WdiServiceHost - ok
21:29:09.0694 5272 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:09.0710 5272 WdiSystemHost - ok
21:29:09.0756 5272 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:29:09.0803 5272 WebClient - ok
21:29:09.0819 5272 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:29:09.0850 5272 Wecsvc - ok
21:29:09.0881 5272 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:29:09.0928 5272 wercplsupport - ok
21:29:09.0975 5272 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:29:10.0006 5272 WerSvc - ok
21:29:10.0037 5272 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:10.0068 5272 WfpLwf - ok
21:29:10.0084 5272 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:29:10.0084 5272 WIMMount - ok
21:29:10.0209 5272 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:29:10.0271 5272 WinDefend - ok
21:29:10.0271 5272 WinHttpAutoProxySvc - ok
21:29:10.0349 5272 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:29:10.0396 5272 Winmgmt - ok
21:29:10.0458 5272 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:29:10.0521 5272 WinRM - ok
21:29:10.0630 5272 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:29:10.0646 5272 WinUsb - ok
21:29:10.0692 5272 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:29:10.0724 5272 Wlansvc - ok
21:29:10.0880 5272 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:10.0942 5272 wlidsvc - ok
21:29:11.0098 5272 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:29:11.0114 5272 WmiAcpi - ok
21:29:11.0176 5272 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:11.0223 5272 wmiApSrv - ok
21:29:11.0379 5272 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:11.0457 5272 WMPNetworkSvc - ok
21:29:11.0488 5272 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:29:11.0519 5272 WPCSvc - ok
21:29:11.0550 5272 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:29:11.0582 5272 WPDBusEnum - ok
21:29:11.0660 5272 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:11.0691 5272 ws2ifsl - ok
21:29:11.0722 5272 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:29:11.0738 5272 wscsvc - ok
21:29:11.0738 5272 WSearch - ok
21:29:11.0816 5272 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:29:11.0878 5272 wuauserv - ok
21:29:11.0987 5272 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:29:12.0034 5272 WudfPf - ok
21:29:12.0065 5272 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:12.0096 5272 WUDFRd - ok
21:29:12.0143 5272 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:29:12.0174 5272 wudfsvc - ok
21:29:12.0206 5272 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:29:12.0237 5272 WwanSvc - ok
21:29:12.0284 5272 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:12.0315 5272 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:29:12.0315 5272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:29:12.0393 5272 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:29:12.0393 5272 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:29:12.0393 5272 Boot (0x1200) (adeab7de14e4ae7acfc4102551fa070f) \Device\Harddisk0\DR0\Partition0
21:29:12.0393 5272 \Device\Harddisk0\DR0\Partition0 - ok
21:29:12.0408 5272 Boot (0x1200) (c581ad0c9085fe921e16b80f6d3c913a) \Device\Harddisk0\DR0\Partition1
21:29:12.0424 5272 \Device\Harddisk0\DR0\Partition1 - ok
21:29:12.0440 5272 Boot (0x1200) (65ddd6cbd7db49b1f7435706c2c9a633) \Device\Harddisk0\DR0\Partition2
21:29:12.0440 5272 \Device\Harddisk0\DR0\Partition2 - ok
21:29:12.0440 5272 ============================================================
21:29:12.0440 5272 Scan finished
21:29:12.0440 5272 ============================================================
21:29:12.0455 5448 Detected object count: 15
21:29:12.0455 5448 Actual detected object count: 15
21:32:05.0308 5448 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0308 5448 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0324 5448 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0324 5448 ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448 ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0324 5448 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0324 5448 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0324 5448 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 Ps2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 Ps2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0339 5448 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0355 5448 qjhgdi ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0355 5448 qjhgdi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:05.0901 5448 \Device\Harddisk0\DR0\# - copied to quarantine
21:32:05.0901 5448 \Device\Harddisk0\DR0 - copied to quarantine
21:32:05.0932 5448 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:32:05.0932 5448 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:32:05.0963 5448 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:32:05.0963 5448 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:32:05.0979 5448 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:32:05.0995 5448 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:32:05.0995 5448 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:32:06.0010 5448 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:32:06.0010 5448 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:32:06.0026 5448 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:32:06.0057 5448 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:32:06.0073 5448 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:32:06.0073 5448 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:32:06.0088 5448 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:32:06.0104 5448 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:32:06.0104 5448 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:32:06.0104 5448 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:32:06.0166 5448 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:32:06.0197 5448 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:32:06.0244 5448 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:32:06.0244 5448 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:32:06.0541 5448 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:32:06.0541 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:32:06.0556 5448 \Device\Harddisk0\DR0 - ok
21:32:06.0915 5448 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:32:06.0915 5448 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:32:06.0915 5448 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
|
29.06.2012, 20:35
| #7 |
| /// Malware-holic | Google öffnet andere seiten als gewählt hi nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.06.2012, 10:23
| #8 |
| | Google öffnet andere seiten als gewählt seit der infektion nicht mehr. vorher einkäufe, onlinebanking und hauptsächlich beruflich (seo, onlinemarketing etc) . warum fragst du ? |
|
30.06.2012, 14:44
| #9 |
| /// Malware-holic | Google öffnet andere seiten als gewählt wenn du onlinebanking machst, rufe die bank an, notfall nummer: 116 116 onlinebanking wegen rootkit befall sperren lassen. der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Google öffnet andere seiten als gewählt |
| 32 bit, 7-zip, ad-aware, alternate, antivir, avira, browser, converter, dateisystem, document, error, excel, firefox, flash player, google, heuristiks/extra, heuristiks/shuriken, home, iexplore.exe, install.exe, logfile, microsoft office word, mp3, officejet, plug-in, realtek, scan, searchscopes, security, senden, sparbuch, trojaner, version=1.0, viren, virus, windows, wiso, öffnet andere seiten |
