Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google öffnet andere seiten als gewählt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.06.2012, 16:12   #1
thompson1
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



Hallo zusammen,

bin ganz neu und frisch hier. hab über die google suche zu euch gefunden, da mein rechner mir seit mehr als einer woche probleme macht.

als aller erstes bekam ich den virus oder was auch immer, der sich wohl data recovery nennt. ich hatte keinen zugriff mehr auf dateien und ordner. das hatte ich dann meines erachtens mal im griff.

als zweites bekam ich dann auf einmal meldungen von live security platinum, dass weitere viren etc. platzierte.

wärend des ganzen szenarios hatte ich probleme mit allen browsern und google. insbesondere wenn ich nach trojaner, viren etc. suchte und auf ein ergebnis klickte, öffneten sich andere seiten bzw. wurde im hintergrund andere seiten nachgeladen. teils werden auch auf einmal werbetexte gesprochen, obwohl man kein fenster eines browsers sieht.

was hab ich bereits gemacht:

virenprüfung mit avira free - ohne erfolg -
malewarebyte prüfung mit einigen funden und löschungen
unhide programm eingesetzt um ordner und startmenü wieder zu sehen. nur teilerfolge. startmenü - programme hat noch immer sehr viele leere ordner.
roguekiller.exe eingesetzt - scan und entfernungen
otl.exe ausgeführt und logs erstellt

offene probleme:
- startmenü - programme einträge fehlen
- google öffnet falsche seiten
- sicher noch weitere viren, trojaner und rootkits (sofern mein laienverstand)

otl.txt
Code:
ATTFilter
OTL logfile created on: 28.06.2012 22:49:41 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\thompson\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS
Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS
Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS
 
Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe
PRC - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:43:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:43:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2011.08.01 15:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.21 02:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.07 11:12:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.07.22 19:33:36 | 000,150,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2007.01.18 16:46:00 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.09.28 15:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.20 17:34:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 17:24:14 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 18:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:43:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 17:59:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.23 23:42:26 | 000,249,344 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009.09.23 23:37:54 | 000,694,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009.09.23 23:28:30 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 18:43:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:43:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007.10.26 18:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005.05.03 17:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BBCAA50B-B1AD-4DBB-97F1-15A17A771FFA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&client=&rlz=1I7HPEA_deDE226
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.13 18:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.13 18:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.31 12:12:07 | 000,000,000 | ---D | M]
 
[2009.12.20 16:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions
[2009.03.27 18:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.06.12 20:22:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions
[2012.06.12 20:22:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.05.13 11:25:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.09 20:00:10 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.01.22 20:16:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.13 19:39:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.12.20 16:57:25 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\thompson\AppData\Roaming\mozilla\Firefox\Profiles\91s4v81v.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2012.01.06 12:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.20 16:35:08 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.05.11 17:24:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 19:46:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 19:46:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 19:46:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 19:46:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 19:46:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 19:46:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.26 20:34:50 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\thompson\AppData\Roaming\Mozilla\Firefox\Profiles\91s4v81v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKCU..\Run: [IBP]  File not found
O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A61794B-8259-46CA-9461-B02AE529ACF8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.28 20:24:15 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe
[2012.06.28 17:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.28 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\Tweaking.com - Unhide Non System Files
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Sun
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Skype
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Opera
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\ICQ
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Google Inc
[2012.06.27 18:49:28 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Dropbox
[2012.06.27 18:44:44 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Help
[2012.06.27 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.06.27 18:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562590032C9340147612CB4EB23C1
[2012.06.27 18:40:00 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TeamViewer
[2012.06.27 18:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.06.26 21:00:52 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\Malwarebytes
[2012.06.26 21:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.26 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.26 20:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.06.25 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.06.25 18:09:53 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012.06.25 18:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.06.25 18:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.06.25 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Roaming\TestApp
[2012.06.21 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2012.06.20 18:23:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\AppData\Local\Macromedia
[2012.06.19 19:55:21 | 000,000,000 | ---D | C] -- C:\Users\thompson\Desktop\thesis_185
[2012.06.13 18:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.13 18:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.13 18:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.13 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 22:50:57 | 000,009,504 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 22:44:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.28 22:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.28 22:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 22:43:13 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 22:15:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.28 20:24:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\thompson\Desktop\OTL.exe
[2012.06.28 18:50:23 | 000,127,458 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties
[2012.06.28 18:50:23 | 000,019,703 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.info.stk
[2012.06.28 18:50:23 | 000,018,878 | ---- | M] () -- C:\Users\thompson\Documents\www.muskelbody.de.stk
[2012.06.28 18:50:23 | 000,018,760 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.stk
[2012.06.28 18:50:23 | 000,017,686 | ---- | M] () -- C:\Users\thompson\Documents\www.sportsuche.info.stk
[2012.06.28 18:50:23 | 000,017,473 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.stk
[2012.06.28 18:50:23 | 000,014,780 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.stk
[2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\20090511_181600_thompson2.job
[2012.06.28 18:03:53 | 000,000,036 | ---- | M] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache
[2012.06.28 17:55:49 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.28 17:51:02 | 000,555,748 | ---- | M] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe
[2012.06.28 17:40:39 | 001,545,216 | ---- | M] () -- C:\Users\thompson\Desktop\RogueKiller.exe
[2012.06.27 17:58:38 | 000,657,428 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 17:58:38 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 17:58:38 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 17:58:38 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.26 23:24:56 | 000,001,190 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2012.06.26 23:24:55 | 000,000,334 | ---- | M] () -- C:\Windows\System32\CountScans.XML
[2012.06.26 23:24:53 | 000,001,738 | ---- | M] () -- C:\Windows\System32\EmailAVConfig.xml
[2012.06.26 16:20:17 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_0_00_re.pad
[2012.06.25 18:11:18 | 001,530,075 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012.06.22 19:58:03 | 000,608,181 | ---- | M] () -- C:\Users\thompson\.spyglass.properties
[2012.06.22 19:58:03 | 000,418,952 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxxen.de.spy
[2012.06.22 19:58:03 | 000,048,121 | ---- | M] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy
[2012.06.21 20:16:42 | 000,704,512 | ---- | M] () -- C:\Users\thompson\Documents\Kickboxen.msam
[2012.06.21 17:59:17 | 000,333,504 | ---- | M] () -- C:\Users\thompson\.ranktracker.properties.bak
[2012.06.20 17:52:06 | 000,128,201 | ---- | M] () -- C:\Users\thompson\Documents\www.fitness4beginner.com.stk
[2012.06.20 17:52:06 | 000,111,770 | ---- | M] () -- C:\Users\thompson\Documents\www.bodybuilding4beginner.com.stk
[2012.06.20 17:52:06 | 000,109,667 | ---- | M] () -- C:\Users\thompson\Documents\www.power-bodybuilding.de.stk
[2012.06.20 17:52:06 | 000,104,993 | ---- | M] () -- C:\Users\thompson\Documents\www.fit54.de.stk
[2012.06.20 17:52:06 | 000,098,484 | ---- | M] () -- C:\Users\thompson\Documents\www.classic-bodybuilding.de.stk
[2012.06.16 20:57:00 | 000,140,250 | ---- | M] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy
[2012.06.14 17:31:41 | 000,490,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.06 11:33:37 | 001,157,820 | ---- | M] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf
[2012.06.03 12:58:14 | 000,194,363 | ---- | M] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy
[2012.06.03 12:58:12 | 000,251,693 | ---- | M] () -- C:\Users\thompson\Documents\www.thaiboxxen.de.spy
[2012.06.01 19:33:01 | 000,208,102 | ---- | M] () -- C:\Users\thompson\Documents\www.onlinemarks.de.spy
 
========== Files Created - No Company Name ==========
 
[2012.06.28 18:03:53 | 000,000,036 | ---- | C] () -- C:\Users\thompson\AppData\Local\housecall.guid.cache
[2012.06.28 17:55:49 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.28 17:51:02 | 000,555,748 | ---- | C] () -- C:\Users\thompson\Desktop\Tweaking.com-UnhideNonSystemFiles.exe
[2012.06.28 17:40:29 | 001,545,216 | ---- | C] () -- C:\Users\thompson\Desktop\RogueKiller.exe
[2012.06.26 23:24:56 | 000,001,190 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
[2012.06.26 23:24:55 | 000,000,334 | ---- | C] () -- C:\Windows\System32\CountScans.XML
[2012.06.26 23:24:53 | 000,001,738 | ---- | C] () -- C:\Windows\System32\EmailAVConfig.xml
[2012.06.26 09:25:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad
[2012.06.25 18:10:00 | 001,530,075 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012.06.21 18:06:22 | 000,127,458 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties
[2012.06.16 20:57:00 | 000,140,250 | ---- | C] () -- C:\Users\thompson\Documents\www.kickboxen24.de.spy
[2012.06.06 11:33:37 | 001,157,820 | ---- | C] () -- C:\Users\thompson\Desktop\SEO-mit-Koepfchen.pdf
[2012.06.03 12:58:15 | 000,048,121 | ---- | C] () -- C:\Users\thompson\Documents\www.amerika-fans.de.spy
[2012.06.03 12:58:14 | 000,194,363 | ---- | C] () -- C:\Users\thompson\Documents\www.urlaub-erlebnisse.de.spy
[2011.12.31 13:44:50 | 000,000,288 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\.backup.dm
[2011.11.13 16:05:55 | 000,001,464 | ---- | C] () -- C:\Users\thompson\.recently-used.xbel
[2011.11.03 19:56:07 | 000,000,167 | ---- | C] () -- C:\Users\thompson\udownload.dat
[2011.05.27 16:42:00 | 000,333,504 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.bak
[2011.05.24 17:51:37 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.04.01 18:04:09 | 000,455,542 | ---- | C] () -- C:\Users\thompson\.linkassistant.properties
[2010.04.01 18:01:42 | 002,728,079 | ---- | C] () -- C:\Users\thompson\.websiteauditor.properties
[2010.02.11 18:48:04 | 000,003,584 | ---- | C] () -- C:\Users\thompson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 17:25:04 | 000,000,306 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.13 15:49:24 | 000,000,134 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\default.rss
[2009.03.27 19:04:20 | 000,608,181 | ---- | C] () -- C:\Users\thompson\.spyglass.properties
[2009.03.27 19:00:25 | 000,469,445 | ---- | C] () -- C:\Users\thompson\.ranktracker.properties.alt
[2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL899.DBF
[2009.02.17 21:41:10 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL504.DBF
[2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL987.DBF
[2009.02.17 21:41:01 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL140.DBF
[2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL791.DBF
[2009.02.17 21:37:33 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL161.DBF
[2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL584.DBF
[2009.02.17 21:37:06 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL441.DBF
[2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL991.DBF
[2009.02.17 21:36:39 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL107.DBF
[2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL525.DBF
[2009.02.17 21:36:21 | 000,000,118 | ---- | C] () -- C:\Program Files\_QSQL389.DBF
[2008.03.11 11:18:06 | 000,000,000 | ---- | C] () -- C:\Users\thompson\tracert
[2008.02.14 17:49:41 | 000,000,400 | ---- | C] () -- C:\Users\thompson\AppData\Roaming\wklnhst.dat
 
========== LOP Check ==========
 
[2012.03.27 18:46:02 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Article Marketing Robot
[2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Artisteer
[2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Dropbox
[2012.01.22 20:16:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoft
[2012.01.22 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.20 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Elaborate Bytes
[2011.11.27 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\EurekaLog
[2012.06.22 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FileZilla
[2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\FireShot
[2011.11.13 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\gtk-2.0
[2009.12.20 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Haufe
[2009.12.22 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\IBP
[2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ICQ
[2010.01.25 20:28:53 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Image Zone Express
[2012.02.28 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Juniper Networks
[2009.12.20 16:56:58 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Lexware
[2012.02.25 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Notepad++
[2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Opera
[2009.12.20 16:57:26 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Printer Info Cache
[2012.02.06 19:36:54 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\redsn0w
[2011.12.08 19:09:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\ScrapeBoard
[2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Screenshot Studio Files
[2009.12.20 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\SharePod
[2010.07.30 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Software4u
[2012.06.28 18:11:50 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TeamViewer
[2008.02.14 17:49:40 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Template
[2012.06.25 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\TestApp
[2012.06.27 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\thompson\AppData\Roaming\Windows Desktop Search
[2012.06.28 18:20:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\20090511_181600_thompson2.job
[2012.04.27 17:31:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
otl extras
Code:
ATTFilter
OTL Extras logfile created on: 28.06.2012 22:49:41 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\thompson\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,49% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 234,08 Gb Total Space | 63,79 Gb Free Space | 27,25% Space Free | Partition Type: NTFS
Drive D: | 6,09 Gb Total Space | 0,88 Gb Free Space | 14,39% Space Free | Partition Type: NTFS
Drive K: | 225,58 Gb Total Space | 205,66 Gb Free Space | 91,17% Space Free | Partition Type: NTFS
 
Computer Name: THOMPSON-PC | User Name: thompson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txt_auto_file] -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B04C7F6-9818-4DDA-AD4F-1A963297C77F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D1D5917-217B-416C-8BD9-7FB711966ABE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0DEBDE75-9EC9-4D95-A853-332A20FCDD11}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1E5F2988-7F4E-4DF4-8D47-CF6807A6C6A6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{270ED854-D8AF-4626-8F1E-4BB8EA5729A0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{2C6935A3-E83E-492C-A9E3-405A66063A41}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{2F46730A-9BDC-4151-BAA6-66C5B9B9814A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{41954B97-7703-42C0-87FB-3637BBD95C57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4468E6C1-5500-4B24-85ED-EFD40107583E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4AFFB243-D8DF-4210-A4DA-34C85AAE03EA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5550C1F9-78F2-48C8-8FB1-71BD6214584E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{606EF82E-2B29-450C-BDEF-0EBD05589812}" = rport=139 | protocol=6 | dir=out | app=system | 
"{61B1A9A2-DFAD-46F8-9244-4E54A0B1E6D7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{662A297D-D202-49EC-9F5B-E0737C6687E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{66332F66-AADB-4639-A03C-DD94905F86E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D131D32-9C30-4C15-BAF8-DE72927347F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{737D4CFD-D3B9-49E2-ABF2-6F22EAED9F21}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{817387BE-243C-4183-AAFA-4E6D85084F0D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{81C856A7-51E8-484B-A1DB-C94AD65A83A1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{909A1E57-5A5B-4E5A-919A-F9FA0FA151EE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{955CB305-F123-4D6E-AC75-791A97AF8B74}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{9633B770-88F8-482F-8B80-DA421ED223E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A1070D7F-92D0-4820-90C2-59AFF5E4D0BF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A33F6D69-36ED-44C6-A4D3-D8557008F319}" = lport=19890 | protocol=6 | dir=in | name=emuleplus | 
"{A4001F35-E0C1-4892-A7C5-BA50B0252C37}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A5C64F44-85B3-4359-AAC7-DD1662325B8C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE63C12B-0234-4ADB-B924-D7E2BA7763B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BFDAD47C-A6B5-43E3-BA34-C11D690A4ED0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C3DC3444-B13F-46E8-A384-569D987AAE71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C5DEE29F-70FC-4201-B0CB-1BD3039F388C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA6DDBC1-8D8F-4535-BEC9-5E12C5A0187C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2E53249-8EF8-4712-AC31-98F7C3073B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E7F91CF5-7583-4CFE-9060-4505C947421A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E9D89E1B-4C02-4AC2-86C2-69231EC846F9}" = lport=19909 | protocol=17 | dir=in | name=emuleplus | 
"{EA3F2ED8-09C4-40C0-99C8-3780A0474661}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F25E9886-5514-4645-A712-9A192A47001A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F75BE7C7-E2D8-4316-8573-CAF4CD08D11B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFA7A982-E1AE-4E94-A330-AC861133D8F5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D64EF-B9FE-40E6-BD2D-3C43697357B9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe | 
"{0095222B-49FB-47CD-B942-E796E3D4E1B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0EE0F716-5243-481E-9DBE-DE301C77FD92}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0EFCC318-BAF9-4200-B112-CD72C6F997B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{108B7FC3-AC84-4901-A1D4-3129948B95B2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe | 
"{15009CDB-E154-44FD-83CD-F95DE06FFB1E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe | 
"{1C2BD388-0A6A-4F51-BCCD-CBF0AB5CCCF8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe | 
"{1E8C2CB0-9ABF-4A11-9278-CC44BC429C29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{22A4B4CD-E099-479F-85D6-F1263528F0F7}" = dir=in | app=c:\users\thompson\appdata\local\temp\7zs686e\ojprol7x00_basic_13\setup\hpznui01.exe | 
"{25619689-992A-4872-BFAD-494F8BB1A885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2701DA01-860D-49A0-94BC-5B9ED31D4E3A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe | 
"{2A593A3B-FEAB-4C8A-9C9C-AEA90EB0002E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2CA810FE-5A62-4156-9D3D-C2C68EC7A7C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DF01227-4090-4D22-BF27-A3DC8B93660A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{3603DAE6-5AAF-4115-9404-1F618C77C58E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{40CD558F-14F6-45F5-A45F-8FA06C179192}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56EEF153-0627-42C9-8EFC-772F69DF7BCC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E0CDA8D-CCE8-4FC5-AD76-AEDFCDB38B5D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{60B75AB6-FE72-4FB4-9D12-93B53DD22377}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6217CE90-C322-414D-B5CE-A7487D8F92C3}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe | 
"{6473E382-1984-46B5-A4E0-919D339FC38E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6844C55F-EA68-4E7C-A828-11A96F1A858A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{6DDBAD2C-2049-474E-A942-B804812FE72C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{70076366-D992-4154-94B2-A82872F78D6F}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe | 
"{7EBBB9ED-12A5-4069-88E1-FA41A07E7B9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81B21FCB-FA23-4CBC-8BE5-A5278BEA2410}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{84557E41-C43D-4F31-9DFD-C7AD860A0E2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe | 
"{849691AC-EA0C-424A-A0EC-8C8060E86992}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{862660AF-B033-4028-9FCD-6ACB00E9243A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{906831B2-9034-4826-AC22-7C7EB65A30FE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{92FDCAC6-A73F-423E-8DF5-8BA7EEA1E407}" = protocol=6 | dir=out | app=system | 
"{93BD79E4-2D16-4570-B84D-9B5590D44FFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9503D348-7ECA-4C8B-82D4-E5BD16F17D8D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe | 
"{97679506-53CB-471E-BC4D-7816EC89638D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9BC3337F-5A11-4F45-A30C-9C599E4D1C02}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe | 
"{A2B102CF-C454-4B8B-A5D6-605B6DF0928F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4930D2B-B5F5-432A-A8AD-D2C616EE3699}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqfxt08.exe | 
"{B047E94A-B6CC-4452-B9EE-0BD88CC887E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B5D10224-1CA7-427F-8A9B-66920B4B0971}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B6BFDC5F-7797-4E0D-B5FE-B3B7A14385F2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe | 
"{B71061C8-EA07-4388-8CFF-5FCD072A918F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BCD97137-0631-4CE7-B809-5F6E1701AAAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD066AB8-DBD1-451B-AA5D-C1E4F80A062A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe | 
"{CDC4F102-02FF-460E-9816-2B2193C902B4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe | 
"{D1C83DA8-0B44-46EE-AB8D-D83E9220171C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe | 
"{D55C4518-B4AB-4030-9EE7-51837A12A871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D63D127B-4C7F-45BC-85A9-6A3E5823F7D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DABB11A6-1E6B-4E30-8DF1-B6B4BFD5366D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E571B65F-F257-4610-B385-FF9293E60D4B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA01F09F-9E56-412C-9DE4-161FB0200EAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EC93B788-F539-4A49-A362-DB19C451BDD4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe | 
"{ECC37AA2-1B72-492F-A412-AB0BAD0B62CA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe | 
"{F05E2EE1-CA72-4F65-B4DB-DB5D9A5FF6BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F07FAF86-BB2F-48EB-8E41-23C1CE2B61A6}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe | 
"{F2C2B075-79C9-4CE4-BC30-7FA3C8EDD3D1}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F6C35E85-DC03-49BA-A9A0-FC98755BB73C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAA0DC7E-3051-4690-BF55-30448CF99A2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe | 
"{FE9A03E3-9D89-453C-A0DD-68ED1D3B892D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{0927750C-24F5-4F4C-8B34-34D2BDADF44E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{13C7E3AE-7517-4F3E-BE39-D2A4908A0CDE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{20C572A7-601F-4A4C-AF04-B8E7EF4D334F}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
"TCP Query User{54018C2F-132C-4886-93DF-E33E83A28496}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{6BC7363E-35DF-4626-974A-3212BD46AE24}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{7C06C916-BD3C-434B-A3DC-2DBBCD390705}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
"TCP Query User{7D9FB5A0-4D98-4E82-B6C2-5D3A458863D0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{07640177-23D2-47A5-9310-98AC2C1FB017}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
"UDP Query User{54BB9F6F-C267-4573-93B6-604F93E729D9}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{954DB2AE-6A29-4F18-A30A-EB46F8E350F8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B7B2F9DC-C09A-4F86-9ECA-892C0ACD8FAE}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{C130A960-455C-4E73-BC0B-32B7D02EB576}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{C98F21B8-05DC-467E-9D80-722188C04EE5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D6C1EBBE-5A66-4BE8-AA3F-F0B94F6F9FF7}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BC91FE3-6BF9-F7B4-0FD2-FCAE4F9000D1}" = CCC Help Russian
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{118D05F0-7FF0-3E24-CD5F-DB5D57FE177F}" = Catalyst Control Center Localization Arabic
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1712D153-997A-606E-B6AF-4F681B74080D}" = Catalyst Control Center Localization Arabic
"{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008
"{1736D2AA-3AFE-FDFD-CA71-70F1097065B4}" = Catalyst Control Center Localization Japanese
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17CB4D2C-109D-4141-8ABE-81734B6EE2A6}" = Lexware reisekosten 2007
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A19B4A3-6CE7-4388-B21F-679803C6C76B}" = TAXMAN 2009
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 29
"{2868D89F-0E09-F510-786A-ED9CF373D250}" = CCC Help Finnish
"{298B9EAE-7A8B-5744-CAD4-67D9E711165A}" = CCC Help Czech
"{2A21D839-D33C-4538-9F2C-F34E23944C4F}" = Counting Calories
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D39B1D3-8D64-2375-F269-78525187D7B3}" = Catalyst Control Center Graphics Light
"{2E18F469-FA74-0A56-BC8C-367FA0CF4258}" = CCC Help Dutch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAE4683-E5EE-4835-AAAF-9F2A3014E04B}" = Lexware reisekosten 2007
"{3EC92206-C4A6-49CF-A272-92F75CB1D5F3}" = bpd_scan
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4125BA98-9BEE-4FF7-7082-115BFEB27226}" = CCC Help Norwegian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{459EE562-CABA-46F6-1CA4-938936A91936}" = CCC Help Danish
"{460255AF-48D3-1E9C-D8D7-298A99A0A678}" = Catalyst Control Center Localization Arabic
"{463B9920-5000-BE51-A871-35E2D45ED867}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01
"{50349CC6-93AF-4E38-BA37-AE5E34FC4AAC}" = Forum Submitter Pro Full
"{515D3E4C-ADC5-4DB4-A497-ADCF3007522E}" = Bookmark Submitter Pro 1.2
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{546D2C57-5303-BA1D-6331-5A3394DDD71B}" = Catalyst Control Center Localization German
"{565CD8A6-176B-1207-1240-722CEBA84724}" = Catalyst Control Center Core Implementation
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583CE6F6-ED34-F20F-3DC8-EFB0743B6DDA}" = CCC Help Hungarian
"{58730FDB-32C4-037A-5C90-48C6FB5DCFFE}" = Catalyst Control Center Graphics Full Existing
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A8B8118-1C13-48F1-81FB-A5101C2111A8}" = L7500
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{5D71E42B-EA8B-4B05-94F1-D5965495EAF1}_is1" = Easy Directory Preview 4.0
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{602BF11C-6893-5491-1DEB-7A6255201325}" = Catalyst Control Center Localization Korean
"{6112AB38-4403-07EE-AD4B-8F48118EBD6B}" = CCC Help Portuguese
"{617F8655-94E0-4634-9B32-2066B895E044}" = CCC Help Italian
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61FEAA90-615B-4243-B7DA-075D0898C018}" = BPDSoftware
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{639A78A5-7657-91ED-2696-C370E144EC4F}" = Catalyst Control Center Localization Arabic
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64E7BCC8-38B0-0E50-8E36-5CC1D7475D26}" = CCC Help Thai
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6DBC0F39-0463-9BC1-849C-0A0B2C204386}" = CCC Help Polish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{700C61BE-9424-4B20-9153-7A0C59722AF4}" = TAXMAN Bibliothek 2009
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70788C1F-9CFB-41A8-807F-E79AE0F9C6FD}" = Lexware reisekosten 2007
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E81E513-27E6-4EC2-BA25-ECF1023A070D}" = Lexware reisekosten 2007
"{80A698BD-2A09-DB65-ADFD-A66A050FAE65}" = CCC Help Chinese Traditional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BFA0B2C-BA3B-0E8B-67BA-FA0410AA10D2}" = Catalyst Control Center Localization Chinese Traditional
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96950C03-3E2A-4A9F-8555-5D68AC86D6C9}" = PowerArchiver 2007
"{99B8D963-82E9-4062-8068-77FD918D34ED}" = ProductContext
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0EE0D2C-BEE9-B859-E463-458BE87B25AB}" = CCC Help Chinese Standard
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A219F6D7-D2AD-4DD5-AC31-C23AA2E18084}" = HP OfficeJet L7300/L7500/7600/7700
"{A4EB2CB5-192E-C901-49D7-27043E55F7B5}" = CCC Help Japanese
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6BFA328-0A46-42EF-B414-8B67E87A2B1F}" = 7500_7600_7700_Help
"{A7032E84-E2A2-4CB9-B9A2-37DC13AB3944}" = Branding
"{A7104E5E-1226-FFCC-1003-6C99365F1919}" = Catalyst Control Center Localization Arabic
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA0C1E1-8F39-4AB0-9283-78140537BB40}" = BPDSoftware_Ini
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC46B67D-DB12-E7E2-61F0-4B6435653F4D}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE21E4BF-CF54-B6BD-4B1C-138758D20273}" = Catalyst Control Center Localization Czech
"{B086C0BC-BAF1-5854-BC82-EFF6C87338F1}" = Catalyst Control Center Localization Arabic
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26CEFDF-DD0A-4145-ADE6-EE3440DB6711}" = Lexware reisekosten 2007
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B696F009-553D-D952-B17E-177D4A39FA9D}" = CCC Help Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007
"{BA21A3B6-657B-A2F6-4F4A-F66C2E1BC4DB}" = CCC Help English
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1271FFE-3308-2DA1-BD86-9351A05F4ABF}" = Catalyst Control Center Localization Arabic
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C495CF53-757E-45B7-A7BB-6BBC78841482}" = Article Marketing Robot
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C75516AD-FF5B-E44A-D963-92D80550E489}" = Market Samurai
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9265D86-7D94-D0E1-75CF-7CC93446198E}" = Catalyst Control Center Localization Spanish
"{CB7E133A-3D83-2D77-D9CC-74EB98315C6A}" = Catalyst Control Center Localization French
"{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8B683E-D86A-E319-97B1-CF28B058A96F}" = CCC Help Spanish
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D475C927-0688-DC5B-E084-02A06E2E4A92}" = CCC Help Korean
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA66BD16-2521-BAB5-3B0C-6B815E6F2EA3}" = CCC Help Turkish
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE8E01EF-B558-3F37-54FA-58E3E9AD9F99}" = Catalyst Control Center Localization Italian
"{E0381F29-0570-AD2D-2D20-163894482635}" = Catalyst Control Center Localization Greek
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007
"{E3B394BD-D7DD-4AEB-C58B-F3DD661118C2}" = Catalyst Control Center Localization Finnish
"{e3da6c6a-3208-4572-9441-971c22032624}" = Nero 9
"{E434651B-B1E6-D18A-F9DE-C4F6DEB6DF50}" = ccc-utility
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E505DA68-3442-5D45-2BD4-1AF0B6312E53}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E90BD770-3186-D20F-D208-9DBC1D56BA59}" = Skins
"{E952ACFA-0CEB-AAFF-BDA1-1B1F52822CDB}" = CCC Help French
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008
"{EAFD70B2-FF28-45CD-B4F2-F99E82FD39A3}" = Steuer Update 14.01
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB964A30-1DCE-A5D4-3548-818813F134C5}" = Catalyst Control Center Localization Arabic
"{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE075733-8D73-953E-CFAE-608D78269724}" = CCC Help Greek
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{EFE38CC6-2592-4F93-B59B-CE4B69600890}" = TAXMAN 2009
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0D18300-5161-E74C-2148-99B03453F394}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F960CCDA-F7A0-3BE8-B30C-71BC8D4274E4}" = ccc-localization-da
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBED9ACC-AA03-19C2-D4F7-F055B6816EE8}" = Catalyst Control Center Localization Hungarian
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Easy Directory Preview_is1" = Easy Directory Preview 2.1  (Update)
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free Studio_is1" = Free Studio version 4.8
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.1
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IBP10_is1" = IBP 10.4.1
"LogiEdit" = LogiEdit (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"PSP Games Brettspiele_is1" = PSP Games Brettspiele
"RealPlayer 6.0" = RealPlayer
"seopowersuite" = LinkAssistant
"Shop for HP Supplies" = Shop for HP Supplies
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xtreme Forum Manager_is1" = Xtreme Forum Manager v2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.06.2012 12:47:06 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f9207d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8ac34783  ID des fehlerhaften
 Prozesses: 0x1254  Startzeit der fehlerhaften Anwendung: 0x01cd554da3ff6170  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e47d2cf0-c140-11e1-8ff6-001a92dea384
 
Error - 28.06.2012 12:52:36 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8c1a7ed8  ID des fehlerhaften
 Prozesses: 0x954  Startzeit der fehlerhaften Anwendung: 0x01cd554e6ac09360  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: a9670ea0-c141-11e1-8ff6-001a92dea384
 
Error - 28.06.2012 12:53:45 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8c387ed8  ID des fehlerhaften
 Prozesses: 0x894  Startzeit der fehlerhaften Anwendung: 0x01cd554e947bae60  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\IEXPLORE.EXE  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: d25a3620-c141-11e1-8ff6-001a92dea384
 
Error - 28.06.2012 13:01:15 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8cb44783  ID des fehlerhaften
 Prozesses: 0x11a0  Startzeit der fehlerhaften Anwendung: 0x01cd554f9bef77c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: deb95df0-c142-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:01:46 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8c9f4783  ID des fehlerhaften
 Prozesses: 0x14b0  Startzeit der fehlerhaften Anwendung: 0x01cd554fb2267ac0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: f122a780-c142-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:02:10 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8d717ed8  ID des fehlerhaften
 Prozesses: 0xf44  Startzeit der fehlerhaften Anwendung: 0x01cd554fc14c1aa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: ff89d960-c142-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:05:08 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8b927ed8  ID des fehlerhaften
 Prozesses: 0x1510  Startzeit der fehlerhaften Anwendung: 0x01cd55502a3a4960  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 6976bb40-c143-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:05:19 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f9207d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8ab54783  ID des fehlerhaften
 Prozesses: 0xd30  Startzeit der fehlerhaften Anwendung: 0x01cd555031170020  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 6ffdc080-c143-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:05:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f9207d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8ab54783  ID des fehlerhaften
 Prozesses: 0xd30  Startzeit der fehlerhaften Anwendung: 0x01cd555031170020  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 728797e0-c143-11e1-a5f8-001a92dea384
 
Error - 28.06.2012 13:16:23 | Computer Name = thompson-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x8a6c7ed8  ID des fehlerhaften
 Prozesses: 0x420  Startzeit der fehlerhaften Anwendung: 0x01cd5551bd952300  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: fc0c02c0-c144-11e1-a5f8-001a92dea384
 
[ System Events ]
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 28.06.2012 16:45:25 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 28.06.2012 16:45:50 | Computer Name = thompson-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
 
< End of report >
         
Maleware.log
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
thompson :: THOMPSON-PC [Administrator]

Schutz: Deaktiviert

28.06.2012 19:11:45
mbam-log-2012-06-28 (19-11-45).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 149431
Laufzeit: 1 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Downloader) -> Daten: C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\thompson\AppData\Roaming\Identities\{8247470F-56E9-4608-9930-B47FB2775132}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
so, ich hoffe ich hab alles richtig gepostet.

über jegliche hilfe dankbar.

Alt 29.06.2012, 16:41   #2
markusg
/// Malware-holic
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



hi
sind das alle Malwarebytes logs, falls nein, bitte poste alle, mit funden
__________________

__________________

Alt 29.06.2012, 16:49   #3
thompson1
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



hab noch mehr.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
thompson :: THOMPSON-PC [Administrator]

Schutz: Deaktiviert

28.06.2012 17:58:24
mbam-log-2012-06-28 (17-58-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221241
Laufzeit: 7 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Downloader) -> Daten: C:\Users\thompson\AppData\Roaming\Identities\{45E7AEF3-8BAB-4A24-98BD-B97FEDA51020}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
C:\Users\thompson\AppData\Roaming\Identities\{45E7AEF3-8BAB-4A24-98BD-B97FEDA51020}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\F4D562590032C9340147612CB4EB23C1\F4D562590032C9340147612CB4EB23C1.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Adobe\{B4CE90A4-9B1E-4AFF-AED6-8190171B1E53}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Dropbox\{9802DCA7-6E17-4D3D-BA2F-D153662A8512}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Google Inc\{60703577-E697-42E4-B64C-B1B60F044291}\UpgradeHelper.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Google Inc\{6F474AA2-DFDB-4234-A460-610042BBC3B0}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\ICQ\{AD7FC14D-08B1-4EEB-85C9-3B1121518B92}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Identities\{B5E8A055-33D4-45E1-B067-1BD5967E15A4}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Opera\{D33E08DE-2561-4EBA-9E5F-C5E2803B45E5}\Upgrade.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Skype\{1D793E54-078A-4287-91E2-F0819B953CBC}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Sun\{EDD7158C-BBDD-4FD4-AB22-559A0AE58C6C}\Validator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Sun\{F0DF645C-725F-4535-92D7-BFC59EAF421C}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\TeamViewer\{25E90160-E58F-4539-BAD8-33D158B43087}\UpgradeHelper.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\TeamViewer\{D29051E0-8A53-4BBF-8C3C-C7A0B3E1523D}\Validator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\TeamViewer\{D774BCDF-121A-422F-BE20-DA9B510E857F}\UpgradeChecker.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Windows Desktop Search\{654BA6C4-4009-46AA-9C41-A27093879E82}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Local\Temp\tempfiles.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.28.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
thompson :: THOMPSON-PC [Administrator]

Schutz: Deaktiviert

28.06.2012 20:15:49
mbam-log-2012-06-28 (20-15-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413806
Laufzeit: 1 Stunde(n), 38 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\thompson\AppData\Local\Xenocode\Sandbox\Bookmark Submitter Pro\1.2.927.2025\2009.12.28T18.39\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Bookmark Submitter Pro 1.2\SubmissionTool.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3e13fa51-32a6fd72 (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\thompson\AppData\Roaming\Identities\{77457CB0-B824-4DB7-9531-D8522153A258}\LicenseValidator.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
das ist alles.
__________________

Alt 29.06.2012, 18:44   #4
thompson1
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



noch etwas seltsames ist mir jetzt aufgefallen:

teilweise existieren ordner mehrfach (einmal ohne zugriffsrechte und einmal normal). ich pack das mal als bild hier rein. vielleicht hilft es ja bei der klärung.
Angehängte Grafiken
Dateityp: jpg explorer.jpg (67,7 KB, 188x aufgerufen)

Alt 29.06.2012, 18:49   #5
markusg
/// Malware-holic
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



das ist normal
die sind normalerweise versteckt.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.06.2012, 20:33   #6
thompson1
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



anbei das log:
Code:
ATTFilter
21:28:00.0808 4568	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:28:01.0038 4568	============================================================
21:28:01.0038 4568	Current date / time: 2012/06/29 21:28:01.0038
21:28:01.0038 4568	SystemInfo:
21:28:01.0038 4568	
21:28:01.0038 4568	OS Version: 6.1.7601 ServicePack: 1.0
21:28:01.0038 4568	Product type: Workstation
21:28:01.0038 4568	ComputerName: THOMPSON-PC
21:28:01.0038 4568	UserName: thompson
21:28:01.0038 4568	Windows directory: C:\Windows
21:28:01.0038 4568	System windows directory: C:\Windows
21:28:01.0038 4568	Processor architecture: Intel x86
21:28:01.0038 4568	Number of processors: 2
21:28:01.0038 4568	Page size: 0x1000
21:28:01.0038 4568	Boot type: Normal boot
21:28:01.0038 4568	============================================================
21:28:01.0571 4568	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:28:01.0602 4568	============================================================
21:28:01.0602 4568	\Device\Harddisk0\DR0:
21:28:01.0602 4568	MBR partitions:
21:28:01.0602 4568	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D429C81
21:28:01.0602 4568	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D42A000, BlocksNum 0x1C32B000
21:28:01.0602 4568	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x397554C0, BlocksNum 0xC2BB70
21:28:01.0602 4568	============================================================
21:28:01.0634 4568	C: <-> \Device\Harddisk0\DR0\Partition0
21:28:01.0680 4568	D: <-> \Device\Harddisk0\DR0\Partition2
21:28:01.0712 4568	K: <-> \Device\Harddisk0\DR0\Partition1
21:28:01.0727 4568	============================================================
21:28:01.0727 4568	Initialize success
21:28:01.0727 4568	============================================================
21:28:38.0822 5272	============================================================
21:28:38.0822 5272	Scan started
21:28:38.0822 5272	Mode: Manual; SigCheck; TDLFS; 
21:28:38.0822 5272	============================================================
21:28:40.0148 5272	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:28:40.0226 5272	1394ohci - ok
21:28:40.0257 5272	61883           (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
21:28:40.0335 5272	61883 - ok
21:28:40.0366 5272	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:28:40.0382 5272	ACPI - ok
21:28:40.0413 5272	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:28:40.0475 5272	AcpiPmi - ok
21:28:40.0569 5272	Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:28:40.0584 5272	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
21:28:40.0584 5272	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
21:28:40.0709 5272	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:40.0725 5272	AdobeFlashPlayerUpdateSvc - ok
21:28:40.0787 5272	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:40.0818 5272	adp94xx - ok
21:28:40.0850 5272	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:28:40.0865 5272	adpahci - ok
21:28:40.0881 5272	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:28:40.0881 5272	adpu320 - ok
21:28:40.0928 5272	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:28:40.0974 5272	AeLookupSvc - ok
21:28:41.0021 5272	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:28:41.0068 5272	AFD - ok
21:28:41.0099 5272	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:28:41.0099 5272	agp440 - ok
21:28:41.0177 5272	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:28:41.0193 5272	aic78xx - ok
21:28:41.0224 5272	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:28:41.0271 5272	ALG - ok
21:28:41.0302 5272	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:28:41.0318 5272	aliide - ok
21:28:41.0333 5272	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:28:41.0349 5272	amdagp - ok
21:28:41.0364 5272	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:28:41.0364 5272	amdide - ok
21:28:41.0396 5272	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:28:41.0427 5272	AmdK8 - ok
21:28:41.0458 5272	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:28:41.0489 5272	AmdPPM - ok
21:28:41.0520 5272	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:28:41.0536 5272	amdsata - ok
21:28:41.0552 5272	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:41.0567 5272	amdsbs - ok
21:28:41.0583 5272	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:28:41.0583 5272	amdxata - ok
21:28:41.0692 5272	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:41.0723 5272	AntiVirSchedulerService - ok
21:28:41.0770 5272	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:41.0786 5272	AntiVirService - ok
21:28:41.0832 5272	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:28:41.0957 5272	AppID - ok
21:28:42.0004 5272	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:28:42.0035 5272	AppIDSvc - ok
21:28:42.0098 5272	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:28:42.0176 5272	Appinfo - ok
21:28:42.0285 5272	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:28:42.0285 5272	Apple Mobile Device - ok
21:28:42.0332 5272	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:28:42.0347 5272	arc - ok
21:28:42.0363 5272	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:28:42.0363 5272	arcsas - ok
21:28:42.0394 5272	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:42.0472 5272	AsyncMac - ok
21:28:42.0503 5272	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:28:42.0519 5272	atapi - ok
21:28:42.0566 5272	athr            (614a60aee03a6151fdcbac295854a9cb) C:\Windows\system32\DRIVERS\athr.sys
21:28:42.0644 5272	athr - ok
21:28:42.0846 5272	atikmdag        (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
21:28:42.0971 5272	atikmdag - ok
21:28:43.0112 5272	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:28:43.0174 5272	AudioEndpointBuilder - ok
21:28:43.0174 5272	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:28:43.0205 5272	Audiosrv - ok
21:28:43.0283 5272	Avc             (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
21:28:43.0330 5272	Avc - ok
21:28:43.0408 5272	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:43.0424 5272	avgntflt - ok
21:28:43.0470 5272	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:28:43.0486 5272	avipbb - ok
21:28:43.0517 5272	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:43.0533 5272	avkmgr - ok
21:28:43.0595 5272	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:28:43.0658 5272	AxInstSV - ok
21:28:43.0704 5272	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:43.0751 5272	b06bdrv - ok
21:28:43.0782 5272	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:43.0829 5272	b57nd60x - ok
21:28:43.0860 5272	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:28:43.0892 5272	BDESVC - ok
21:28:43.0923 5272	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:28:43.0985 5272	Beep - ok
21:28:44.0032 5272	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:28:44.0079 5272	BFE - ok
21:28:44.0110 5272	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:28:44.0172 5272	BITS - ok
21:28:44.0204 5272	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:44.0235 5272	blbdrive - ok
21:28:44.0344 5272	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:28:44.0391 5272	Bonjour Service - ok
21:28:44.0438 5272	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:28:44.0469 5272	bowser - ok
21:28:44.0484 5272	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:44.0516 5272	BrFiltLo - ok
21:28:44.0547 5272	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:44.0578 5272	BrFiltUp - ok
21:28:44.0640 5272	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:28:44.0656 5272	Browser - ok
21:28:44.0703 5272	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:28:44.0734 5272	Brserid - ok
21:28:44.0750 5272	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:44.0765 5272	BrSerWdm - ok
21:28:44.0796 5272	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:44.0828 5272	BrUsbMdm - ok
21:28:44.0843 5272	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:44.0874 5272	BrUsbSer - ok
21:28:44.0890 5272	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:44.0906 5272	BTHMODEM - ok
21:28:44.0968 5272	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:28:45.0062 5272	bthserv - ok
21:28:45.0093 5272	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:28:45.0124 5272	cdfs - ok
21:28:45.0155 5272	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:28:45.0186 5272	cdrom - ok
21:28:45.0249 5272	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:28:45.0264 5272	CertPropSvc - ok
21:28:45.0296 5272	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:28:45.0311 5272	circlass - ok
21:28:45.0358 5272	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:28:45.0374 5272	CLFS - ok
21:28:45.0483 5272	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:45.0514 5272	clr_optimization_v2.0.50727_32 - ok
21:28:45.0561 5272	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:45.0576 5272	clr_optimization_v4.0.30319_32 - ok
21:28:45.0608 5272	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:45.0608 5272	CmBatt - ok
21:28:45.0639 5272	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:28:45.0654 5272	cmdide - ok
21:28:45.0686 5272	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:28:45.0732 5272	CNG - ok
21:28:45.0764 5272	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:28:45.0764 5272	Compbatt - ok
21:28:45.0779 5272	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:28:45.0810 5272	CompositeBus - ok
21:28:45.0826 5272	COMSysApp - ok
21:28:45.0857 5272	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:45.0857 5272	crcdisk - ok
21:28:45.0920 5272	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:28:45.0982 5272	CryptSvc - ok
21:28:46.0013 5272	dc3d            (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
21:28:46.0060 5272	dc3d - ok
21:28:46.0107 5272	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:28:46.0185 5272	DcomLaunch - ok
21:28:46.0232 5272	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:28:46.0278 5272	defragsvc - ok
21:28:46.0310 5272	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:28:46.0356 5272	DfsC - ok
21:28:46.0403 5272	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:28:46.0450 5272	Dhcp - ok
21:28:46.0481 5272	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:28:46.0512 5272	discache - ok
21:28:46.0544 5272	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:28:46.0559 5272	Disk - ok
21:28:46.0575 5272	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:28:46.0637 5272	Dnscache - ok
21:28:46.0684 5272	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:28:46.0746 5272	dot3svc - ok
21:28:46.0793 5272	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:28:46.0824 5272	DPS - ok
21:28:46.0871 5272	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:28:46.0902 5272	drmkaud - ok
21:28:46.0934 5272	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:28:46.0965 5272	DXGKrnl - ok
21:28:46.0996 5272	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:28:47.0043 5272	EapHost - ok
21:28:47.0168 5272	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:28:47.0292 5272	ebdrv - ok
21:28:47.0417 5272	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:28:47.0464 5272	EFS - ok
21:28:47.0526 5272	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:28:47.0604 5272	ehRecvr - ok
21:28:47.0636 5272	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:28:47.0698 5272	ehSched - ok
21:28:47.0776 5272	ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\Windows\system32\Drivers\ElbyCDFL.sys
21:28:47.0792 5272	ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
21:28:47.0792 5272	ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
21:28:47.0807 5272	ElbyCDIO        (084a13f18856d610d44d3109a9d2acde) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:28:47.0838 5272	ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
21:28:47.0838 5272	ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
21:28:47.0885 5272	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:28:47.0916 5272	elxstor - ok
21:28:47.0932 5272	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:28:47.0963 5272	ErrDev - ok
21:28:48.0026 5272	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:28:48.0072 5272	EventSystem - ok
21:28:48.0088 5272	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:28:48.0150 5272	exfat - ok
21:28:48.0182 5272	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:28:48.0228 5272	fastfat - ok
21:28:48.0306 5272	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:28:48.0384 5272	Fax - ok
21:28:48.0416 5272	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:28:48.0447 5272	fdc - ok
21:28:48.0462 5272	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:28:48.0494 5272	fdPHost - ok
21:28:48.0525 5272	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:28:48.0572 5272	FDResPub - ok
21:28:48.0587 5272	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:28:48.0603 5272	FileInfo - ok
21:28:48.0618 5272	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:28:48.0650 5272	Filetrace - ok
21:28:48.0743 5272	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:28:48.0774 5272	FLEXnet Licensing Service - ok
21:28:48.0821 5272	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:48.0821 5272	flpydisk - ok
21:28:48.0852 5272	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:28:48.0868 5272	FltMgr - ok
21:28:48.0915 5272	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:28:48.0977 5272	FontCache - ok
21:28:49.0086 5272	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:49.0102 5272	FontCache3.0.0.0 - ok
21:28:49.0149 5272	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:28:49.0149 5272	FsDepends - ok
21:28:49.0180 5272	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:28:49.0196 5272	Fs_Rec - ok
21:28:49.0242 5272	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:28:49.0258 5272	fvevol - ok
21:28:49.0274 5272	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:49.0289 5272	gagp30kx - ok
21:28:49.0320 5272	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:28:49.0336 5272	GEARAspiWDM - ok
21:28:49.0383 5272	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:28:49.0430 5272	gpsvc - ok
21:28:49.0554 5272	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:49.0586 5272	gupdate - ok
21:28:49.0601 5272	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:49.0617 5272	gupdatem - ok
21:28:49.0648 5272	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:49.0679 5272	gusvc - ok
21:28:49.0726 5272	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:28:49.0757 5272	hcw85cir - ok
21:28:49.0788 5272	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:28:49.0820 5272	HDAudBus - ok
21:28:49.0835 5272	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:49.0866 5272	HidBatt - ok
21:28:49.0898 5272	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:28:49.0929 5272	HidBth - ok
21:28:49.0944 5272	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:28:49.0976 5272	HidIr - ok
21:28:50.0022 5272	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:28:50.0069 5272	hidserv - ok
21:28:50.0100 5272	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:28:50.0132 5272	HidUsb - ok
21:28:50.0147 5272	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:28:50.0194 5272	hkmsvc - ok
21:28:50.0225 5272	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:28:50.0272 5272	HomeGroupListener - ok
21:28:50.0319 5272	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:28:50.0334 5272	HomeGroupProvider - ok
21:28:50.0412 5272	hpqcxs08        (08457d8f8149757c70cea59c71ec5d27) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
21:28:50.0412 5272	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0412 5272	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:28:50.0444 5272	hpqddsvc        (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
21:28:50.0475 5272	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0475 5272	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:28:50.0490 5272	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:28:50.0506 5272	HpSAMD - ok
21:28:50.0553 5272	HPSLPSVC        (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL
21:28:50.0584 5272	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0584 5272	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:28:50.0646 5272	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:28:50.0709 5272	HTTP - ok
21:28:50.0740 5272	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:28:50.0756 5272	hwpolicy - ok
21:28:50.0771 5272	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:28:50.0802 5272	i8042prt - ok
21:28:50.0834 5272	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:28:50.0849 5272	iaStorV - ok
21:28:50.0958 5272	IDriverT        (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:28:50.0974 5272	IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0974 5272	IDriverT - detected UnsignedFile.Multi.Generic (1)
21:28:51.0114 5272	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:51.0161 5272	idsvc - ok
21:28:51.0302 5272	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:28:51.0302 5272	iirsp - ok
21:28:51.0364 5272	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:28:51.0411 5272	IKEEXT - ok
21:28:51.0536 5272	IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
21:28:51.0614 5272	IntcAzAudAddService - ok
21:28:51.0692 5272	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:28:51.0707 5272	intelide - ok
21:28:51.0738 5272	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:28:51.0770 5272	intelppm - ok
21:28:51.0801 5272	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:28:51.0832 5272	IPBusEnum - ok
21:28:51.0848 5272	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:51.0926 5272	IpFilterDriver - ok
21:28:52.0004 5272	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:28:52.0050 5272	iphlpsvc - ok
21:28:52.0066 5272	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:28:52.0097 5272	IPMIDRV - ok
21:28:52.0128 5272	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:28:52.0160 5272	IPNAT - ok
21:28:52.0269 5272	iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:28:52.0300 5272	iPod Service - ok
21:28:52.0331 5272	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:28:52.0362 5272	IRENUM - ok
21:28:52.0378 5272	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:28:52.0394 5272	isapnp - ok
21:28:52.0425 5272	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:28:52.0440 5272	iScsiPrt - ok
21:28:52.0456 5272	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:52.0472 5272	kbdclass - ok
21:28:52.0487 5272	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:28:52.0503 5272	kbdhid - ok
21:28:52.0550 5272	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:52.0565 5272	KeyIso - ok
21:28:52.0596 5272	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:28:52.0612 5272	KSecDD - ok
21:28:52.0643 5272	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:28:52.0659 5272	KSecPkg - ok
21:28:52.0690 5272	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:28:52.0752 5272	KtmRm - ok
21:28:52.0815 5272	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:28:52.0846 5272	LanmanServer - ok
21:28:52.0893 5272	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:28:52.0924 5272	LanmanWorkstation - ok
21:28:53.0049 5272	LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:28:53.0080 5272	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:28:53.0080 5272	LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:28:53.0127 5272	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:28:53.0189 5272	lltdio - ok
21:28:53.0236 5272	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:28:53.0314 5272	lltdsvc - ok
21:28:53.0330 5272	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:28:53.0361 5272	lmhosts - ok
21:28:53.0408 5272	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:28:53.0423 5272	LSI_FC - ok
21:28:53.0439 5272	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:28:53.0454 5272	LSI_SAS - ok
21:28:53.0454 5272	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:28:53.0470 5272	LSI_SAS2 - ok
21:28:53.0501 5272	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:28:53.0501 5272	LSI_SCSI - ok
21:28:53.0517 5272	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:28:53.0548 5272	luafv - ok
21:28:53.0579 5272	MBAMProtector - ok
21:28:53.0657 5272	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:28:53.0720 5272	MBAMService - ok
21:28:53.0782 5272	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:28:53.0798 5272	Mcx2Svc - ok
21:28:53.0813 5272	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:28:53.0829 5272	megasas - ok
21:28:53.0860 5272	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:28:53.0876 5272	MegaSR - ok
21:28:53.0922 5272	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:28:53.0969 5272	MMCSS - ok
21:28:53.0985 5272	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:28:54.0016 5272	Modem - ok
21:28:54.0047 5272	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:28:54.0078 5272	monitor - ok
21:28:54.0110 5272	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:28:54.0125 5272	mouclass - ok
21:28:54.0141 5272	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:54.0172 5272	mouhid - ok
21:28:54.0219 5272	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:28:54.0234 5272	mountmgr - ok
21:28:54.0328 5272	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:54.0359 5272	MozillaMaintenance - ok
21:28:54.0375 5272	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:28:54.0390 5272	mpio - ok
21:28:54.0422 5272	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:28:54.0468 5272	mpsdrv - ok
21:28:54.0500 5272	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:28:54.0562 5272	MpsSvc - ok
21:28:54.0593 5272	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:28:54.0624 5272	MRxDAV - ok
21:28:54.0671 5272	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:54.0702 5272	mrxsmb - ok
21:28:54.0718 5272	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:54.0734 5272	mrxsmb10 - ok
21:28:54.0749 5272	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:54.0780 5272	mrxsmb20 - ok
21:28:54.0796 5272	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:28:54.0812 5272	msahci - ok
21:28:54.0843 5272	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:28:54.0843 5272	msdsm - ok
21:28:54.0874 5272	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:28:54.0921 5272	MSDTC - ok
21:28:54.0952 5272	MSDV            (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
21:28:54.0999 5272	MSDV - ok
21:28:55.0030 5272	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:28:55.0046 5272	Msfs - ok
21:28:55.0061 5272	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:28:55.0092 5272	mshidkmdf - ok
21:28:55.0108 5272	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:28:55.0108 5272	msisadrv - ok
21:28:55.0155 5272	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:28:55.0202 5272	MSiSCSI - ok
21:28:55.0217 5272	msiserver - ok
21:28:55.0248 5272	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:55.0326 5272	MSKSSRV - ok
21:28:55.0358 5272	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:55.0420 5272	MSPCLOCK - ok
21:28:55.0451 5272	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:28:55.0482 5272	MSPQM - ok
21:28:55.0498 5272	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:28:55.0514 5272	MsRPC - ok
21:28:55.0545 5272	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:28:55.0545 5272	mssmbios - ok
21:28:55.0576 5272	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:28:55.0592 5272	MSTEE - ok
21:28:55.0623 5272	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:28:55.0638 5272	MTConfig - ok
21:28:55.0654 5272	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:28:55.0654 5272	Mup - ok
21:28:55.0701 5272	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:28:55.0748 5272	napagent - ok
21:28:55.0779 5272	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:55.0810 5272	NativeWifiP - ok
21:28:55.0857 5272	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:28:55.0872 5272	NDIS - ok
21:28:55.0888 5272	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:55.0904 5272	NdisCap - ok
21:28:55.0935 5272	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:55.0966 5272	NdisTapi - ok
21:28:56.0013 5272	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:56.0075 5272	Ndisuio - ok
21:28:56.0122 5272	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:56.0184 5272	NdisWan - ok
21:28:56.0216 5272	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:28:56.0247 5272	NDProxy - ok
21:28:56.0434 5272	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:28:56.0465 5272	Nero BackItUp Scheduler 4.0 - ok
21:28:56.0496 5272	Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
21:28:56.0496 5272	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:28:56.0496 5272	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:28:56.0543 5272	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:28:56.0574 5272	NetBIOS - ok
21:28:56.0606 5272	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:28:56.0652 5272	NetBT - ok
21:28:56.0684 5272	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:56.0699 5272	Netlogon - ok
21:28:56.0730 5272	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:28:56.0777 5272	Netman - ok
21:28:56.0808 5272	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:28:56.0855 5272	netprofm - ok
21:28:56.0933 5272	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:56.0964 5272	NetTcpPortSharing - ok
21:28:56.0996 5272	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:28:57.0027 5272	nfrd960 - ok
21:28:57.0074 5272	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:28:57.0120 5272	NlaSvc - ok
21:28:57.0136 5272	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:28:57.0167 5272	Npfs - ok
21:28:57.0183 5272	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:28:57.0214 5272	nsi - ok
21:28:57.0230 5272	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:28:57.0261 5272	nsiproxy - ok
21:28:57.0323 5272	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:28:57.0370 5272	Ntfs - ok
21:28:57.0401 5272	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:28:57.0432 5272	Null - ok
21:28:57.0479 5272	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
21:28:57.0495 5272	NVENETFD - ok
21:28:57.0526 5272	NVNET           (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
21:28:57.0542 5272	NVNET - ok
21:28:57.0573 5272	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:28:57.0573 5272	nvraid - ok
21:28:57.0620 5272	nvrd32          (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\DRIVERS\nvrd32.sys
21:28:57.0635 5272	nvrd32 - ok
21:28:57.0651 5272	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:28:57.0666 5272	nvstor - ok
21:28:57.0698 5272	nvstor32        (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
21:28:57.0713 5272	nvstor32 - ok
21:28:57.0729 5272	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:28:57.0744 5272	nv_agp - ok
21:28:57.0760 5272	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:28:57.0791 5272	ohci1394 - ok
21:28:57.0854 5272	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:57.0869 5272	ose - ok
21:28:58.0041 5272	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:28:58.0181 5272	osppsvc - ok
21:28:58.0306 5272	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:28:58.0368 5272	p2pimsvc - ok
21:28:58.0415 5272	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:28:58.0446 5272	p2psvc - ok
21:28:58.0524 5272	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:28:58.0556 5272	Parport - ok
21:28:58.0587 5272	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:28:58.0587 5272	partmgr - ok
21:28:58.0618 5272	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:28:58.0649 5272	Parvdm - ok
21:28:58.0665 5272	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:28:58.0680 5272	PcaSvc - ok
21:28:58.0712 5272	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:28:58.0727 5272	pci - ok
21:28:58.0727 5272	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:28:58.0743 5272	pciide - ok
21:28:58.0774 5272	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:58.0790 5272	pcmcia - ok
21:28:58.0805 5272	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:28:58.0821 5272	pcw - ok
21:28:58.0852 5272	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:28:58.0899 5272	PEAUTH - ok
21:28:59.0008 5272	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:28:59.0133 5272	pla - ok
21:28:59.0242 5272	PLFlash DeviceIoControl Service (86b49480d4d9f24bd52976a90171d676) C:\Windows\system32\IoctlSvc.exe
21:28:59.0242 5272	PLFlash DeviceIoControl Service - ok
21:28:59.0289 5272	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:28:59.0336 5272	PlugPlay - ok
21:28:59.0367 5272	Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
21:28:59.0367 5272	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:28:59.0367 5272	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:28:59.0398 5272	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:28:59.0429 5272	PNRPAutoReg - ok
21:28:59.0460 5272	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:28:59.0476 5272	PNRPsvc - ok
21:28:59.0538 5272	Point32         (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
21:28:59.0554 5272	Point32 - ok
21:28:59.0585 5272	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:28:59.0632 5272	PolicyAgent - ok
21:28:59.0663 5272	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:28:59.0694 5272	Power - ok
21:28:59.0726 5272	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:59.0772 5272	PptpMiniport - ok
21:28:59.0788 5272	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:28:59.0819 5272	Processor - ok
21:28:59.0866 5272	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:28:59.0913 5272	ProfSvc - ok
21:28:59.0944 5272	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:28:59.0975 5272	ProtectedStorage - ok
21:29:00.0006 5272	Ps2             (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
21:29:00.0006 5272	Ps2 ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0006 5272	Ps2 - detected UnsignedFile.Multi.Generic (1)
21:29:00.0053 5272	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:29:00.0100 5272	Psched - ok
21:29:00.0131 5272	PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
21:29:00.0147 5272	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0147 5272	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:29:00.0178 5272	qjhgdi          (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\rlhwrpj.sys
21:29:00.0194 5272	qjhgdi ( UnsignedFile.Multi.Generic ) - warning
21:29:00.0194 5272	qjhgdi - detected UnsignedFile.Multi.Generic (1)
21:29:00.0240 5272	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:29:00.0287 5272	ql2300 - ok
21:29:00.0428 5272	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:00.0459 5272	ql40xx - ok
21:29:00.0490 5272	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:29:00.0537 5272	QWAVE - ok
21:29:00.0552 5272	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:29:00.0584 5272	QWAVEdrv - ok
21:29:00.0646 5272	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
21:29:00.0662 5272	RapiMgr - ok
21:29:00.0677 5272	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:00.0708 5272	RasAcd - ok
21:29:00.0755 5272	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:00.0786 5272	RasAgileVpn - ok
21:29:00.0802 5272	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:29:00.0833 5272	RasAuto - ok
21:29:00.0864 5272	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:00.0896 5272	Rasl2tp - ok
21:29:00.0958 5272	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:29:01.0036 5272	RasMan - ok
21:29:01.0067 5272	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:01.0114 5272	RasPppoe - ok
21:29:01.0130 5272	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:01.0176 5272	RasSstp - ok
21:29:01.0223 5272	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:01.0270 5272	rdbss - ok
21:29:01.0286 5272	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:01.0301 5272	rdpbus - ok
21:29:01.0332 5272	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:01.0364 5272	RDPCDD - ok
21:29:01.0379 5272	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:29:01.0410 5272	RDPENCDD - ok
21:29:01.0426 5272	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:29:01.0488 5272	RDPREFMP - ok
21:29:01.0520 5272	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:29:01.0566 5272	RDPWD - ok
21:29:01.0629 5272	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:29:01.0644 5272	rdyboost - ok
21:29:01.0676 5272	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:29:01.0722 5272	RemoteAccess - ok
21:29:01.0754 5272	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:29:01.0800 5272	RemoteRegistry - ok
21:29:01.0925 5272	RoxMediaDB9     (00f3e30d63078fc4b543c32fd7337a7b) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:29:01.0956 5272	RoxMediaDB9 - ok
21:29:01.0988 5272	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:29:02.0019 5272	RpcEptMapper - ok
21:29:02.0050 5272	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:29:02.0081 5272	RpcLocator - ok
21:29:02.0112 5272	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:29:02.0144 5272	RpcSs - ok
21:29:02.0237 5272	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:02.0284 5272	rspndr - ok
21:29:02.0315 5272	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:02.0315 5272	SamSs - ok
21:29:02.0362 5272	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:29:02.0362 5272	sbp2port - ok
21:29:02.0378 5272	SBRE - ok
21:29:02.0409 5272	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:29:02.0440 5272	SCardSvr - ok
21:29:02.0471 5272	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:29:02.0518 5272	scfilter - ok
21:29:02.0565 5272	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:29:02.0596 5272	Schedule - ok
21:29:02.0627 5272	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:29:02.0658 5272	SCPolicySvc - ok
21:29:02.0690 5272	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:29:02.0752 5272	SDRSVC - ok
21:29:02.0799 5272	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:29:02.0877 5272	secdrv - ok
21:29:02.0892 5272	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:29:02.0939 5272	seclogon - ok
21:29:02.0970 5272	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:29:03.0002 5272	SENS - ok
21:29:03.0033 5272	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:29:03.0064 5272	SensrSvc - ok
21:29:03.0095 5272	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:29:03.0126 5272	Serenum - ok
21:29:03.0189 5272	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:29:03.0204 5272	Serial - ok
21:29:03.0251 5272	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:29:03.0251 5272	sermouse - ok
21:29:03.0314 5272	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:29:03.0392 5272	SessionEnv - ok
21:29:03.0407 5272	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:29:03.0438 5272	sffdisk - ok
21:29:03.0454 5272	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:03.0470 5272	sffp_mmc - ok
21:29:03.0485 5272	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:29:03.0485 5272	sffp_sd - ok
21:29:03.0516 5272	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:03.0532 5272	sfloppy - ok
21:29:03.0579 5272	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:29:03.0626 5272	SharedAccess - ok
21:29:03.0672 5272	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:29:03.0704 5272	ShellHWDetection - ok
21:29:03.0719 5272	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:29:03.0735 5272	sisagp - ok
21:29:03.0750 5272	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:03.0766 5272	SiSRaid2 - ok
21:29:03.0797 5272	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:03.0797 5272	SiSRaid4 - ok
21:29:03.0828 5272	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:29:03.0860 5272	Smb - ok
21:29:03.0906 5272	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:29:03.0938 5272	SNMPTRAP - ok
21:29:03.0969 5272	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:29:03.0984 5272	spldr - ok
21:29:04.0031 5272	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:29:04.0078 5272	Spooler - ok
21:29:04.0187 5272	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:29:04.0265 5272	sppsvc - ok
21:29:04.0374 5272	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:29:04.0452 5272	sppuinotify - ok
21:29:04.0515 5272	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:29:04.0577 5272	srv - ok
21:29:04.0608 5272	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:29:04.0640 5272	srv2 - ok
21:29:04.0671 5272	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:04.0686 5272	srvnet - ok
21:29:04.0733 5272	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:29:04.0796 5272	SSDPSRV - ok
21:29:04.0827 5272	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:29:04.0827 5272	ssmdrv - ok
21:29:04.0858 5272	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:29:04.0905 5272	SstpSvc - ok
21:29:04.0936 5272	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:29:04.0952 5272	stexstor - ok
21:29:04.0983 5272	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
21:29:04.0998 5272	StillCam - ok
21:29:05.0061 5272	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:29:05.0108 5272	StiSvc - ok
21:29:05.0201 5272	stllssvr        (d4ce4d370a26ae1bf41be9f69d24d049) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:29:05.0232 5272	stllssvr - ok
21:29:05.0248 5272	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:29:05.0264 5272	swenum - ok
21:29:05.0310 5272	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:29:05.0342 5272	swprv - ok
21:29:05.0404 5272	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:29:05.0451 5272	SysMain - ok
21:29:05.0482 5272	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:29:05.0498 5272	TabletInputService - ok
21:29:05.0544 5272	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:29:05.0607 5272	TapiSrv - ok
21:29:05.0669 5272	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:29:05.0732 5272	TBS - ok
21:29:05.0841 5272	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:29:05.0903 5272	Tcpip - ok
21:29:05.0903 5272	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:05.0950 5272	TCPIP6 - ok
21:29:05.0981 5272	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:29:06.0028 5272	tcpipreg - ok
21:29:06.0044 5272	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:29:06.0106 5272	TDPIPE - ok
21:29:06.0122 5272	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:29:06.0168 5272	TDTCP - ok
21:29:06.0200 5272	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:29:06.0246 5272	tdx - ok
21:29:06.0278 5272	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:29:06.0293 5272	TermDD - ok
21:29:06.0340 5272	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:29:06.0402 5272	TermService - ok
21:29:06.0434 5272	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:29:06.0449 5272	Themes - ok
21:29:06.0480 5272	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:06.0512 5272	THREADORDER - ok
21:29:06.0527 5272	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:29:06.0574 5272	TrkWks - ok
21:29:06.0636 5272	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:29:06.0714 5272	TrustedInstaller - ok
21:29:06.0761 5272	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:06.0777 5272	tssecsrv - ok
21:29:06.0824 5272	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:29:06.0839 5272	TsUsbFlt - ok
21:29:06.0902 5272	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:06.0933 5272	tunnel - ok
21:29:06.0964 5272	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:29:06.0980 5272	uagp35 - ok
21:29:07.0026 5272	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:29:07.0104 5272	udfs - ok
21:29:07.0136 5272	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:29:07.0182 5272	UI0Detect - ok
21:29:07.0198 5272	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:29:07.0214 5272	uliagpkx - ok
21:29:07.0245 5272	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:29:07.0260 5272	umbus - ok
21:29:07.0276 5272	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:29:07.0292 5272	UmPass - ok
21:29:07.0323 5272	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:29:07.0354 5272	upnphost - ok
21:29:07.0401 5272	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:29:07.0432 5272	USBAAPL - ok
21:29:07.0448 5272	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:07.0479 5272	usbccgp - ok
21:29:07.0479 5272	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:29:07.0510 5272	usbcir - ok
21:29:07.0541 5272	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:07.0557 5272	usbehci - ok
21:29:07.0572 5272	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:07.0588 5272	usbhub - ok
21:29:07.0604 5272	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
21:29:07.0650 5272	usbohci - ok
21:29:07.0682 5272	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:07.0713 5272	usbprint - ok
21:29:07.0728 5272	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:07.0775 5272	USBSTOR - ok
21:29:07.0791 5272	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:29:07.0838 5272	usbuhci - ok
21:29:07.0869 5272	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
21:29:07.0869 5272	usb_rndisx - ok
21:29:07.0916 5272	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:29:07.0931 5272	UxSms - ok
21:29:07.0962 5272	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:29:07.0978 5272	VaultSvc - ok
21:29:08.0009 5272	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:29:08.0025 5272	vdrvroot - ok
21:29:08.0072 5272	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:29:08.0103 5272	vds - ok
21:29:08.0134 5272	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:08.0165 5272	vga - ok
21:29:08.0181 5272	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:29:08.0228 5272	VgaSave - ok
21:29:08.0243 5272	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:29:08.0259 5272	vhdmp - ok
21:29:08.0274 5272	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:29:08.0290 5272	viaagp - ok
21:29:08.0306 5272	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:29:08.0337 5272	ViaC7 - ok
21:29:08.0352 5272	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:29:08.0368 5272	viaide - ok
21:29:08.0384 5272	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:29:08.0399 5272	volmgr - ok
21:29:08.0430 5272	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:29:08.0446 5272	volmgrx - ok
21:29:08.0462 5272	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:29:08.0477 5272	volsnap - ok
21:29:08.0493 5272	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:08.0508 5272	vsmraid - ok
21:29:08.0571 5272	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:29:08.0618 5272	VSS - ok
21:29:08.0633 5272	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:08.0664 5272	vwifibus - ok
21:29:08.0696 5272	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:08.0711 5272	vwififlt - ok
21:29:08.0758 5272	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:29:08.0789 5272	W32Time - ok
21:29:08.0805 5272	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:29:08.0852 5272	WacomPen - ok
21:29:08.0914 5272	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:08.0961 5272	WANARP - ok
21:29:08.0961 5272	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:08.0992 5272	Wanarpv6 - ok
21:29:09.0054 5272	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:29:09.0132 5272	wbengine - ok
21:29:09.0164 5272	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:29:09.0195 5272	WbioSrvc - ok
21:29:09.0242 5272	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
21:29:09.0273 5272	WcesComm - ok
21:29:09.0320 5272	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:29:09.0366 5272	wcncsvc - ok
21:29:09.0382 5272	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:29:09.0444 5272	WcsPlugInService - ok
21:29:09.0507 5272	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:29:09.0538 5272	Wd - ok
21:29:09.0569 5272	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:29:09.0600 5272	Wdf01000 - ok
21:29:09.0600 5272	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:09.0678 5272	WdiServiceHost - ok
21:29:09.0694 5272	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:29:09.0710 5272	WdiSystemHost - ok
21:29:09.0756 5272	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:29:09.0803 5272	WebClient - ok
21:29:09.0819 5272	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:29:09.0850 5272	Wecsvc - ok
21:29:09.0881 5272	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:29:09.0928 5272	wercplsupport - ok
21:29:09.0975 5272	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:29:10.0006 5272	WerSvc - ok
21:29:10.0037 5272	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:10.0068 5272	WfpLwf - ok
21:29:10.0084 5272	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:29:10.0084 5272	WIMMount - ok
21:29:10.0209 5272	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:29:10.0271 5272	WinDefend - ok
21:29:10.0271 5272	WinHttpAutoProxySvc - ok
21:29:10.0349 5272	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:29:10.0396 5272	Winmgmt - ok
21:29:10.0458 5272	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:29:10.0521 5272	WinRM - ok
21:29:10.0630 5272	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:29:10.0646 5272	WinUsb - ok
21:29:10.0692 5272	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:29:10.0724 5272	Wlansvc - ok
21:29:10.0880 5272	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:10.0942 5272	wlidsvc - ok
21:29:11.0098 5272	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:29:11.0114 5272	WmiAcpi - ok
21:29:11.0176 5272	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:11.0223 5272	wmiApSrv - ok
21:29:11.0379 5272	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:11.0457 5272	WMPNetworkSvc - ok
21:29:11.0488 5272	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:29:11.0519 5272	WPCSvc - ok
21:29:11.0550 5272	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:29:11.0582 5272	WPDBusEnum - ok
21:29:11.0660 5272	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:11.0691 5272	ws2ifsl - ok
21:29:11.0722 5272	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:29:11.0738 5272	wscsvc - ok
21:29:11.0738 5272	WSearch - ok
21:29:11.0816 5272	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:29:11.0878 5272	wuauserv - ok
21:29:11.0987 5272	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:29:12.0034 5272	WudfPf - ok
21:29:12.0065 5272	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:12.0096 5272	WUDFRd - ok
21:29:12.0143 5272	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:29:12.0174 5272	wudfsvc - ok
21:29:12.0206 5272	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:29:12.0237 5272	WwanSvc - ok
21:29:12.0284 5272	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:12.0315 5272	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:29:12.0315 5272	\Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:29:12.0393 5272	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:29:12.0393 5272	\Device\Harddisk0\DR0 - detected TDSS File System (1)
21:29:12.0393 5272	Boot (0x1200)   (adeab7de14e4ae7acfc4102551fa070f) \Device\Harddisk0\DR0\Partition0
21:29:12.0393 5272	\Device\Harddisk0\DR0\Partition0 - ok
21:29:12.0408 5272	Boot (0x1200)   (c581ad0c9085fe921e16b80f6d3c913a) \Device\Harddisk0\DR0\Partition1
21:29:12.0424 5272	\Device\Harddisk0\DR0\Partition1 - ok
21:29:12.0440 5272	Boot (0x1200)   (65ddd6cbd7db49b1f7435706c2c9a633) \Device\Harddisk0\DR0\Partition2
21:29:12.0440 5272	\Device\Harddisk0\DR0\Partition2 - ok
21:29:12.0440 5272	============================================================
21:29:12.0440 5272	Scan finished
21:29:12.0440 5272	============================================================
21:29:12.0455 5448	Detected object count: 15
21:29:12.0455 5448	Actual detected object count: 15
21:32:05.0308 5448	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0308 5448	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0324 5448	ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448	ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0324 5448	ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448	ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0324 5448	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0324 5448	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0324 5448	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0324 5448	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	Ps2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	Ps2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0339 5448	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0339 5448	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0355 5448	qjhgdi ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:05.0355 5448	qjhgdi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:32:05.0901 5448	\Device\Harddisk0\DR0\# - copied to quarantine
21:32:05.0901 5448	\Device\Harddisk0\DR0 - copied to quarantine
21:32:05.0932 5448	\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:32:05.0932 5448	\Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:32:05.0963 5448	\Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:32:05.0963 5448	\Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:32:05.0979 5448	\Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:32:05.0995 5448	\Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:32:05.0995 5448	\Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:32:06.0010 5448	\Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:32:06.0010 5448	\Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:32:06.0026 5448	\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:32:06.0057 5448	\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:32:06.0073 5448	\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:32:06.0073 5448	\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:32:06.0088 5448	\Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:32:06.0104 5448	\Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:32:06.0104 5448	\Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:32:06.0104 5448	\Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:32:06.0166 5448	\Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
21:32:06.0197 5448	\Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:32:06.0244 5448	\Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:32:06.0244 5448	\Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:32:06.0541 5448	\Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:32:06.0541 5448	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:32:06.0556 5448	\Device\Harddisk0\DR0 - ok
21:32:06.0915 5448	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 
21:32:06.0915 5448	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:32:06.0915 5448	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

Alt 29.06.2012, 20:35   #7
markusg
/// Malware-holic
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



hi
nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.06.2012, 10:23   #8
thompson1
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



seit der infektion nicht mehr. vorher einkäufe, onlinebanking und hauptsächlich beruflich (seo, onlinemarketing etc) .

warum fragst du ?

Alt 30.06.2012, 14:44   #9
markusg
/// Malware-holic
 
Google öffnet andere seiten als gewählt - Standard

Google öffnet andere seiten als gewählt



wenn du onlinebanking machst, rufe die bank an, notfall nummer:
116 116
onlinebanking wegen rootkit befall sperren lassen.

der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Google öffnet andere seiten als gewählt
32 bit, 7-zip, ad-aware, alternate, antivir, avira, browser, converter, dateisystem, document, error, excel, firefox, flash player, google, heuristiks/extra, heuristiks/shuriken, home, iexplore.exe, install.exe, logfile, microsoft office word, mp3, officejet, realtek, scan, searchscopes, security, senden, sparbuch, trojaner, version=1.0, viren, virus, windows, wiso, öffnet andere seiten



Ähnliche Themen: Google öffnet andere seiten als gewählt


  1. Google leitet auf andere Seiten um....
    Log-Analyse und Auswertung - 25.04.2015 (13)
  2. Google öffnet andere Seiten als ausgewählt
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (22)
  3. google öffnet andere seiten
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (7)
  4. Google.de nicht erreichbar - andere Seiten sehr langsam - andere normal DNS-Provider Problem oder Trojaner?
    Log-Analyse und Auswertung - 05.09.2012 (2)
  5. Google öffnet andere Seiten als gewünscht (Rocketnews)
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (19)
  6. Google öffnet andere Seiten als Suchergebnis
    Log-Analyse und Auswertung - 08.06.2012 (19)
  7. Google öffnet andere Seiten als gewünscht (Rocketnews, freegaming.com, groupon etc.)
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (11)
  8. Browser öffnet andere Seiten bei google!
    Plagegeister aller Art und deren Bekämpfung - 20.01.2012 (2)
  9. Trojaner - Google öffnet andere Seiten
    Plagegeister aller Art und deren Bekämpfung - 15.07.2011 (1)
  10. Google öffnet immer andere Seiten wie z.b. goinonearth.com
    Plagegeister aller Art und deren Bekämpfung - 28.06.2011 (16)
  11. Google leitet auf andere Seiten um
    Log-Analyse und Auswertung - 05.04.2011 (1)
  12. Google leitet auf andere Seiten um, Seiten wollen sich ungefragt öffnen. Gelöst(?) Sicher?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (8)
  13. Google öffnet andere Seiten als angeklickt
    Log-Analyse und Auswertung - 19.06.2010 (20)
  14. Google öffnet andere Seiten
    Log-Analyse und Auswertung - 02.02.2010 (94)
  15. Bei Google auf andere Seiten - LogFile
    Log-Analyse und Auswertung - 08.03.2009 (37)
  16. Google verlinkt auf andere Seiten
    Log-Analyse und Auswertung - 01.10.2008 (4)
  17. Explorer IE7 öffnet andere Seiten
    Log-Analyse und Auswertung - 22.06.2007 (2)

Zum Thema Google öffnet andere seiten als gewählt - Hallo zusammen, bin ganz neu und frisch hier. hab über die google suche zu euch gefunden, da mein rechner mir seit mehr als einer woche probleme macht. als aller erstes - Google öffnet andere seiten als gewählt...
Archiv
Du betrachtest: Google öffnet andere seiten als gewählt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.