Pests of all kinds and how to combat them: This connection is untrusted (Windows 7)
If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
27.03.2012, 15:42 | #1 |
This connection is untrusted

Hello, today I am getting the following message on all sites that require a login:

This Connection is Untrusted

You have asked Firefox to connect securely to www.racebers.com, but it cannot be verified that the connection is secure. Normally, when you connect securely, the website presents trusted identification to guarantee that you are visiting the right website. The identification of this website, however, cannot be confirmed.

What should I do?

If you usually have no problems with this website, this error could mean that someone is impersonating the website. In that case you should not continue.

Technical details

www.racebets.com uses an invalid security certificate. The certificate is not trusted because it was signed by its own issuer. The certificate is only valid for Production Security Services. (Error code: sec_error_untrusted_issuer)

I understand the risk

I don't have this problem with Internet Explorer. What can I do?
27.03.2012, 16:08 | #2 |
/// Malware-holic | This connection is untrusted
hi
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
28.03.2012, 07:55 | #3 |
This connection is untrusted

Problem solved, I ran Combofix yesterday and after that I no longer got these messages.
Thanks anyway

Hello, I have the problem again today! OTL logfile:
[ System Events ] Error - 27.03.2012 11:27:35 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.03.2012 15:43:16 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = Error - 28.03.2012 02:28:38 | Computer Name = utti-PC | Source = Service Control Manager | ID = 7026 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 28.03.2012 02:35:07 | Computer Name = utti-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = < End of report > OTL Logfile: Code:
OTL logfile created on: 28.03.2012 09:58:30 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\utti\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,81% Memory free 4,21 Gb Paging File | 3,08 Gb Available in Paging File | 73,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,00 Gb Total Space | 10,14 Gb Free Space | 8,52% Space Free | Partition Type: NTFS Drive D: | 30,04 Gb Total Space | 20,56 Gb Free Space | 68,45% Space Free | Partition Type: FAT32 Computer Name: UTTI-PC | User Name: utti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.28 09:56:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\utti\Downloads\OTL.exe PRC - [2012.02.27 08:47:07 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.01.11 17:03:34 | 000,015,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\agcp.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.06.11 11:16:10 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.03.12 18:26:44 | 000,508,928 | ---- | M] (ACE GmbH) -- C:\Program Files\Videoload Manager\ContentManager.exe PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe PRC - [2007.02.15 17:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2006.12.14 16:53:28 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2006.11.15 16:58:26 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006.11.09 14:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe PRC - [2006.09.28 23:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe ========== Modules (No Company Name) ========== MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2006.11.09 14:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe MOD - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe ========== Win32 Services (SafeList) ========== SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.11 11:16:10 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc) SRV - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.03.12 18:26:44 | 000,508,928 | ---- | M] (ACE GmbH) [Auto | Running] -- C:\Program Files\Videoload Manager\ContentManager.exe -- (ContentMgrService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.11.15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006.09.28 23:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\utti\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.02.15 15:43:11 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.01.24 23:25:12 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2010.01.24 23:25:06 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\pssdklbf.sys -- (PSSDKLBF) DRV - [2008.08.29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.06.30 23:16:26 | 000,018,912 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM) DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.07.05 19:23:42 | 000,277,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B) DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.15 17:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.15 12:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.15 10:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.02.20 18:59:36 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w810obex.sys -- (w810obex) DRV - [2006.02.20 18:59:34 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) DRV - [2006.02.20 18:59:33 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w810mdm.sys -- (w810mdm) DRV - [2006.02.20 18:59:31 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w810mdfl.sys -- (w810mdfl) DRV - [2006.02.20 18:59:27 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = comdirect.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_deDE451 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.comdirect.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll () FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPWMDRMWrapper: C:\Program Files\Common Files\mpDRM\NPWMDRMWrapper.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.05.08 00:16:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 07:33:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 07:03:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\utti\AppData\Roaming\5045 FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2009.07.07 10:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Extensions [2012.02.08 15:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions [2010.07.28 11:20:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.08 09:01:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.08.27 10:00:20 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\utti\AppData\Roaming\mozilla\Firefox\Profiles\38rjua60.default\extensions\youtube2mp3@mondayx.de [2011.11.11 12:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.12.17 13:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.07.11 10:57:07 | 
000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.03.20 07:33:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.12 15:22:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.12 15:22:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.12 15:22:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 15:22:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 15:22:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 15:22:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.27 17:17:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKCU..\Run: [renovator] C:\Users\utti\AppData\Roaming\Macromedia\{595E76B8-D53C-4A09-9007-FFA33FA8BE30}\renovator.exe () O4 - HKCU..\Run: [Spotify] C:\Users\utti\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der 
größten deutschen Shopping-Websites File not found O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8889191D-50CE-4244-92A6-A164F2FAB58C}: DhcpNameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2538822-8FA8-4FB7-BABD-7A7E81D14206}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET 
Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.27 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Local\temp [2012.03.27 17:19:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.03.27 17:05:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.27 17:05:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.27 17:05:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.27 17:05:01 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.03.27 16:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.26 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Help [2012.03.26 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\TeamViewer [2012.03.15 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Local\Spotify [2012.03.15 16:12:01 | 000,000,000 | ---D | C] -- C:\Users\utti\AppData\Roaming\Spotify [2012.03.10 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\MainConcept [2012.03.10 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MainConcept [2012.03.10 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\utti\Dokumente\My Capture Files [2012.03.10 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\PosiCom Capture [2012.03.09 13:05:38 | 000,000,000 | ---D | C] -- C:\Users\utti\Dokumente\NeroVision [2012.03.04 23:27:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.02.28 10:15:46 | 000,000,000 | ---D | C] -- C:\Users\utti\Local Settings [2012.02.27 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\utti\Dokumente\InterVideo ========== Files - Modified Within 30 Days ========== [2012.03.28 09:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.28 08:35:20 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.28 08:35:20 | 000,607,228 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012.03.28 08:35:20 | 000,131,678 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.28 08:35:20 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.28 08:28:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.28 08:27:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 08:27:59 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.28 08:27:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.27 17:17:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.03.27 16:26:43 | 003,790,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.27 15:16:10 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Free Registry Cleaner for Vista.lnk [2012.03.15 16:12:32 | 000,001,710 | ---- | M] () -- C:\Users\utti\Desktop\Spotify.lnk [2012.03.10 23:06:34 | 000,088,576 | ---- | M] () -- C:\Users\utti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012.03.27 17:05:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.27 17:05:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.27 17:05:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.27 17:05:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.27 17:05:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.27 15:16:10 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Free Registry Cleaner for Vista.lnk [2012.03.15 16:12:32 | 000,001,710 | ---- | C] () -- C:\Users\utti\Desktop\Spotify.lnk [2012.03.15 16:12:32 | 000,001,696 | ---- | C] () -- C:\Users\utti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2011.11.18 20:55:15 | 000,000,072 | ---- | C] () -- 
C:\Users\utti\AppData\Roaming\blckdom.res [2011.09.17 15:13:45 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI [2010.12.17 16:09:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.11.19 15:53:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010.09.02 15:30:45 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\AnvSoft [2012.03.20 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Audacity [2007.09.19 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Azureus [2007.11.09 19:24:04 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\BullGuard [2011.02.23 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Canneverbe Limited [2010.12.16 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.06.21 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Downloaded Installations [2012.01.08 16:40:49 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\DVDVideoSoft [2010.12.18 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.19 08:29:44 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\elsterformular [2010.12.17 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\GetRightToGo [2010.01.24 22:01:42 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\GrabPro [2012.01.01 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Guitar Pro 6 [2007.10.22 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\InterVideo [2011.11.02 10:44:17 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\KastorFreeVimeoDownloader [2010.03.17 08:32:51 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Lexware [2011.02.17 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\LimeWire [2007.11.02 18:10:37 | 000,000,000 | ---D | M] -- 
C:\Users\utti\AppData\Roaming\MAGIX [2010.03.30 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\MyPhoneExplorer [2010.06.21 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Nitro PDF [2010.01.24 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Orbit [2007.11.06 22:48:18 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\PPMate [2008.02.09 16:59:36 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\ppStream [2010.09.08 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Smart PC Solutions [2010.06.21 18:41:42 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Smart PDF Converter [2010.04.21 08:26:16 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Software4u [2012.03.28 08:29:22 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Spotify [2012.03.26 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\TeamViewer [2011.11.22 23:52:33 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\TuneUp Software [2007.09.06 13:50:20 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Ulead Systems [2010.07.01 15:17:28 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\Uniblue [2011.12.12 19:53:07 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\webex [2011.08.12 10:30:11 | 000,000,000 | ---D | M] -- C:\Users\utti\AppData\Roaming\WordToPDF [2012.03.27 22:56:20 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.03.27 17:19:58 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.09.09 09:04:50 | 000,000,000 | ---D | M] -- C:\Boot [2012.03.27 17:24:51 | 000,000,000 | ---D | M] -- C:\ComboFix [2010.09.02 11:38:07 | 000,000,000 | ---D | M] -- C:\divx [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.09.06 13:42:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.21 23:37:17 | 000,000,000 | ---D | M] -- C:\downloads [2009.07.20 11:57:25 | 000,000,000 | ---D | M] -- C:\ElsterFormular [2008.02.14 15:55:50 | 000,000,000 | ---D | M] -- C:\found.000 [2010.12.16 17:52:12 | 000,000,000 | ---D | M] -- C:\ik [2007.09.19 13:34:06 | 000,000,000 | ---D | M] -- C:\Intel [2007.06.20 14:01:26 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.03.04 10:18:23 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.05.25 21:45:33 | 000,000,000 | ---D | M] -- C:\PerfLogs [2008.02.17 19:20:13 | 000,000,000 | ---D | M] -- C:\ppmaterecord [2012.03.27 17:16:33 | 000,000,000 | ---D | M] -- C:\Program Files [2012.01.01 19:33:47 | 000,000,000 | ---D | M] -- C:\ProgramData [2007.09.06 13:42:54 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.27 17:20:53 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.03.28 10:02:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.22 14:58:49 | 000,000,000 | ---D | M] -- C:\TDSS [2011.09.22 10:18:32 | 000,000,000 | ---D | M] -- C:\TEMP [2007.11.12 18:59:11 | 000,000,000 | R--D | M] -- C:\Users [2012.03.28 08:28:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.01.18 14:53:37 | 021,603,248 | ---- | M] (DivX, Inc.) 
-- C:\Users\utti\DivXInstaller721.exe [2012.03.28 10:12:16 | 005,242,880 | -HS- | M] () -- C:\Users\utti\ntuser.dat [2012.03.28 10:12:16 | 000,262,144 | -H-- | M] () -- C:\Users\utti\ntuser.dat.LOG1 [2007.09.06 13:49:13 | 000,000,000 | -H-- | M] () -- C:\Users\utti\ntuser.dat.LOG2 [2012.03.27 22:56:06 | 000,065,536 | -HS- | M] () -- C:\Users\utti\ntuser.dat{bac38a7b-e4f5-11e0-ab65-0016d38414e9}.TM.blf [2012.03.27 22:56:06 | 000,524,288 | -HS- | M] () -- C:\Users\utti\ntuser.dat{bac38a7b-e4f5-11e0-ab65-0016d38414e9}.TMContainer00000000000000000001.regtrans-ms [2011.09.22 14:35:41 | 000,524,288 | -HS- | M] () -- C:\Users\utti\ntuser.dat{bac38a7b-e4f5-11e0-ab65-0016d38414e9}.TMContainer00000000000000000002.regtrans-ms [2012.01.03 19:29:37 | 000,000,020 | -HS- | M] () -- C:\Users\utti\ntuser.ini [2010.07.16 14:45:56 | 015,281,667 | ---- | M] (EffectMatrix Inc. ) -- C:\Users\utti\tvc_3.61.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > |
28.03.2012, 11:49 | #4 |
/// Malware-holic | This Connection is Untrusted If you want help here, do exactly what it says here; otherwise I can save myself all the instructions. Where is the ComboFix log?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.03.2012, 14:56 | #5 |
| This Connection is Untrusted combofix.txt ComboFix log file: Code:
ATTFilter ComboFix 12-03-26.02 - utti 28.03.2012 15:36:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.787 [GMT 2:00] ausgeführt von:: c:\users\utti\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 )))))))))))))))))))))))))))))) . . 2012-03-28 13:45 . 2012-03-28 13:45 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-03-27 06:08 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EE82963-78EB-4837-972D-0E0BD6917028}\mpengine.dll 2012-03-26 15:25 . 2012-03-26 15:25 -------- d-----w- c:\users\utti\AppData\Roaming\TeamViewer 2012-03-20 05:33 . 2012-03-20 05:33 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-20 05:33 . 2012-03-20 05:33 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-15 14:12 . 2012-03-27 08:33 -------- d-----w- c:\users\utti\AppData\Local\Spotify 2012-03-15 14:12 . 2012-03-28 13:08 -------- d-----w- c:\users\utti\AppData\Roaming\Spotify 2012-03-14 11:57 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 11:57 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 11:57 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 11:57 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 11:57 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 11:57 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 11:57 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-14 11:57 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 11:57 . 
2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-10 21:03 . 2012-03-10 21:03 -------- d-----w- c:\program files\Common Files\MainConcept 2012-03-10 21:03 . 2012-03-10 21:03 -------- d-----w- c:\program files\MainConcept 2012-03-10 21:03 . 2012-03-10 21:09 -------- d-----w- c:\program files\PosiCom Capture . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 08:18 . 2009-10-03 04:17 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 13:43 . 2011-10-17 04:55 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-16 06:26 . 2011-05-17 19:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-20 05:33 . 2011-09-09 05:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Spotify"="c:\users\utti\AppData\Roaming\Spotify\Spotify.exe" [2012-03-15 4011184] "renovator"="c:\users\utti\AppData\Roaming\Macromedia\{595E76B8-D53C-4A09-9007-FFA33FA8BE30}\renovator.exe" [2012-03-26 261632] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864] "toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-11-27 6144] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\divx\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 08:11 339312 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 05:57]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-27 05:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.comdirect.de/
uInternet Settings,ProxyServer = 192.168.2.1:80
IE: Free YouTube to Mp3 Converter - c:\users\utti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\utti\AppData\Roaming\Mozilla\Firefox\Profiles\38rjua60.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comdirect.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-28 15:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe??????0b?????h?A???b?ze2w????????????0???$???????d?????,w?????????s2w?s2w????h?A?h?A?Cb?v????4???F?mv??b?????`?A?t???? A???b?????? A?y??1Cb?v|????????a@?H??????????? ?A??C?1????? A???@?h?A??x@?h?A????1??@?x?A????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-28 15:48:55
ComboFix-quarantined-files.txt 2012-03-28 13:48
.
Vor Suchlauf: 18 Verzeichnis(se), 11.363.221.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 11.340.242.944 Bytes frei
.
- - End Of File - - 6D35457C75C41368E13752A3683000A6 |
28.03.2012, 14:59 | #6 |
/// Malware-holic | This connection is untrusted
Use TDSSKiller and post the log: http://www.trojaner-board.de/82358-t...entfernen.html |
28.03.2012, 15:11 | #7 |
| This connection is untrusted
"No threats found" with TDSSKiller. The report cannot be copied. |
28.03.2012, 18:41 | #8 |
/// Malware-holic | This connection is untrusted
Open the tdsskiller-version-date.txt file on C: and copy its contents.
__________________ Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.03.2012, 18:56 | #9 |
| This connection is untrusted
16:02:35.0042 5632 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:02:35.0181 5632 ============================================================
16:02:35.0181 5632 Current date / time: 2012/03/28 16:02:35.0181
16:02:35.0181 5632 SystemInfo:
16:02:35.0181 5632
16:02:35.0181 5632 OS Version: 6.0.6002 ServicePack: 2.0
16:02:35.0181 5632 Product type: Workstation
16:02:35.0181 5632 ComputerName: UTTI-PC
16:02:35.0182 5632 UserName: utti
16:02:35.0182 5632 Windows directory: C:\Windows
16:02:35.0182 5632 System windows directory: C:\Windows
16:02:35.0182 5632 Processor architecture: Intel x86
16:02:35.0182 5632 Number of processors: 2
16:02:35.0182 5632 Page size: 0x1000
16:02:35.0182 5632 Boot type: Normal boot
16:02:35.0182 5632 ============================================================
16:02:36.0011 5632 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:02:36.0014 5632 \Device\Harddisk0\DR0:
16:02:36.0014 5632 MBR used
16:02:36.0043 5632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0xEDFE36D, BlocksNum 0x3C1A754
16:02:36.0043 5632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEDFE2EF
16:02:36.0114 5632 Initialize success
16:02:36.0114 5632 ============================================================
16:02:46.0728 6016 ============================================================
16:02:46.0728 6016 Scan started
16:02:46.0728 6016 Mode: Manual;
16:02:46.0728 6016 ============================================================
C:\Windows\system32\drivers\pciide.sys 16:03:06.0962 6016 pciide - ok 16:03:06.0996 6016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 16:03:07.0013 6016 pcmcia - ok 16:03:07.0100 6016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 16:03:07.0151 6016 PEAUTH - ok 16:03:07.0274 6016 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 16:03:07.0338 6016 pla - ok 16:03:07.0392 6016 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 16:03:07.0414 6016 PlugPlay - ok 16:03:07.0479 6016 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:03:07.0487 6016 PNRPAutoReg - ok 16:03:07.0523 6016 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:03:07.0531 6016 PNRPsvc - ok 16:03:07.0572 6016 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 16:03:07.0591 6016 PolicyAgent - ok 16:03:07.0655 6016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 16:03:07.0663 6016 PptpMiniport - ok 16:03:07.0702 6016 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 16:03:07.0710 6016 Processor - ok 16:03:07.0744 6016 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 16:03:07.0748 6016 ProfSvc - ok 16:03:07.0790 6016 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:03:07.0792 6016 ProtectedStorage - ok 16:03:07.0852 6016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 16:03:07.0865 6016 PSched - ok 16:03:07.0950 6016 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys 16:03:07.0960 6016 PSSDK42 - ok 16:03:08.0017 6016 PSSDKLBF (0bec7b42f4093400509821c63f13f1d5) C:\Windows\system32\Drivers\pssdklbf.sys 16:03:08.0027 6016 PSSDKLBF - ok 16:03:08.0122 6016 ql2300 (ccdac889326317792480c0a67156a1ec) 
C:\Windows\system32\drivers\ql2300.sys 16:03:08.0164 6016 ql2300 - ok 16:03:08.0204 6016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 16:03:08.0216 6016 ql40xx - ok 16:03:08.0263 6016 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 16:03:08.0288 6016 QWAVE - ok 16:03:08.0334 6016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 16:03:08.0341 6016 QWAVEdrv - ok 16:03:08.0454 6016 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 16:03:08.0567 6016 R300 - ok 16:03:08.0608 6016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 16:03:08.0613 6016 RasAcd - ok 16:03:08.0685 6016 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 16:03:08.0698 6016 RasAuto - ok 16:03:08.0750 6016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:03:08.0760 6016 Rasl2tp - ok 16:03:08.0820 6016 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 16:03:08.0840 6016 RasMan - ok 16:03:08.0883 6016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 16:03:08.0889 6016 RasPppoe - ok 16:03:08.0932 6016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 16:03:08.0941 6016 RasSstp - ok 16:03:08.0979 6016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 16:03:08.0997 6016 rdbss - ok 16:03:09.0044 6016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:03:09.0050 6016 RDPCDD - ok 16:03:09.0107 6016 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 16:03:09.0126 6016 rdpdr - ok 16:03:09.0143 6016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 16:03:09.0149 6016 RDPENCDD - ok 16:03:09.0199 6016 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 
16:03:09.0212 6016 RDPWD - ok 16:03:09.0283 6016 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 16:03:09.0294 6016 RemoteAccess - ok 16:03:09.0331 6016 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 16:03:09.0344 6016 RemoteRegistry - ok 16:03:09.0414 6016 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 16:03:09.0420 6016 rimmptsk - ok 16:03:09.0487 6016 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 16:03:09.0496 6016 rimsptsk - ok 16:03:09.0559 6016 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 16:03:09.0566 6016 rismxdp - ok 16:03:09.0592 6016 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 16:03:09.0599 6016 RpcLocator - ok 16:03:09.0658 6016 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll 16:03:09.0668 6016 RpcSs - ok 16:03:09.0722 6016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 16:03:09.0731 6016 rspndr - ok 16:03:09.0779 6016 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys 16:03:09.0788 6016 RTL8169 - ok 16:03:09.0859 6016 RTL8187B (0f2d736066656dee1c791087e0751e99) C:\Windows\system32\DRIVERS\RTL8187B.sys 16:03:09.0878 6016 RTL8187B - ok 16:03:09.0923 6016 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 16:03:09.0926 6016 SamSs - ok 16:03:09.0965 6016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 16:03:09.0977 6016 sbp2port - ok 16:03:10.0026 6016 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 16:03:10.0041 6016 SCardSvr - ok 16:03:10.0123 6016 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 16:03:10.0173 6016 Schedule - ok 16:03:10.0207 6016 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 16:03:10.0209 6016 
SCPolicySvc - ok 16:03:10.0281 6016 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 16:03:10.0293 6016 sdbus - ok 16:03:10.0348 6016 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 16:03:10.0367 6016 SDRSVC - ok 16:03:10.0399 6016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:03:10.0407 6016 secdrv - ok 16:03:10.0454 6016 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 16:03:10.0467 6016 seclogon - ok 16:03:10.0500 6016 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 16:03:10.0506 6016 SENS - ok 16:03:10.0532 6016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 16:03:10.0542 6016 Serenum - ok 16:03:10.0572 6016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys 16:03:10.0586 6016 Serial - ok 16:03:10.0636 6016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 16:03:10.0644 6016 sermouse - ok 16:03:10.0712 6016 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 16:03:10.0718 6016 SessionEnv - ok 16:03:10.0771 6016 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 16:03:10.0779 6016 sffdisk - ok 16:03:10.0812 6016 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 16:03:10.0822 6016 sffp_mmc - ok 16:03:10.0848 6016 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 16:03:10.0856 6016 sffp_sd - ok 16:03:10.0890 6016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 16:03:10.0898 6016 sfloppy - ok 16:03:10.0952 6016 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 16:03:10.0987 6016 SharedAccess - ok 16:03:11.0064 6016 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 16:03:11.0079 6016 ShellHWDetection - ok 
16:03:11.0120 6016 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 16:03:11.0128 6016 SiSRaid2 - ok 16:03:11.0171 6016 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 16:03:11.0180 6016 SiSRaid4 - ok 16:03:11.0317 6016 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 16:03:11.0467 6016 slsvc - ok 16:03:11.0538 6016 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 16:03:11.0550 6016 SLUINotify - ok 16:03:11.0599 6016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 16:03:11.0608 6016 Smb - ok 16:03:11.0723 6016 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys 16:03:11.0800 6016 smserial - ok 16:03:11.0863 6016 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 16:03:11.0872 6016 SNMPTRAP - ok 16:03:12.0009 6016 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys 16:03:12.0126 6016 SNP2UVC - ok 16:03:12.0170 6016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 16:03:12.0181 6016 spldr - ok 16:03:12.0256 6016 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 16:03:12.0280 6016 Spooler - ok 16:03:12.0345 6016 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 16:03:12.0369 6016 srv - ok 16:03:12.0411 6016 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 16:03:12.0426 6016 srv2 - ok 16:03:12.0474 6016 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 16:03:12.0486 6016 srvnet - ok 16:03:12.0520 6016 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 16:03:12.0525 6016 SSDPSRV - ok 16:03:12.0575 6016 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 16:03:12.0583 6016 ssmdrv - ok 16:03:12.0654 6016 SstpSvc 
(6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 16:03:12.0668 6016 SstpSvc - ok 16:03:12.0724 6016 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 16:03:12.0734 6016 stisvc - ok 16:03:12.0776 6016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 16:03:12.0783 6016 swenum - ok 16:03:12.0850 6016 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 16:03:12.0870 6016 swprv - ok 16:03:12.0914 6016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 16:03:12.0922 6016 Symc8xx - ok 16:03:12.0956 6016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 16:03:12.0964 6016 Sym_hi - ok 16:03:12.0997 6016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 16:03:13.0006 6016 Sym_u3 - ok 16:03:13.0086 6016 SynTP (3196c5df63d5e86fc0041ae0c816b80f) C:\Windows\system32\DRIVERS\SynTP.sys 16:03:13.0100 6016 SynTP - ok 16:03:13.0168 6016 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 16:03:13.0200 6016 SysMain - ok 16:03:13.0244 6016 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 16:03:13.0258 6016 TabletInputService - ok 16:03:13.0306 6016 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 16:03:13.0326 6016 TapiSrv - ok 16:03:13.0382 6016 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 16:03:13.0386 6016 TBS - ok 16:03:13.0475 6016 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 16:03:13.0525 6016 Tcpip - ok 16:03:13.0559 6016 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 16:03:13.0567 6016 Tcpip6 - ok 16:03:13.0612 6016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 16:03:13.0619 6016 tcpipreg - ok 16:03:13.0669 6016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) 
C:\Windows\system32\drivers\tdpipe.sys 16:03:13.0674 6016 TDPIPE - ok 16:03:13.0724 6016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 16:03:13.0731 6016 TDTCP - ok 16:03:13.0773 6016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 16:03:13.0782 6016 tdx - ok 16:03:13.0824 6016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 16:03:13.0834 6016 TermDD - ok 16:03:13.0889 6016 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 16:03:13.0921 6016 TermService - ok 16:03:13.0986 6016 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 16:03:13.0992 6016 Themes - ok 16:03:14.0047 6016 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 16:03:14.0050 6016 THREADORDER - ok 16:03:14.0105 6016 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 16:03:14.0117 6016 TrkWks - ok 16:03:14.0175 6016 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 16:03:14.0176 6016 TrustedInstaller - ok 16:03:14.0238 6016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:03:14.0246 6016 tssecsrv - ok 16:03:14.0290 6016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 16:03:14.0297 6016 tunmp - ok 16:03:14.0360 6016 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 16:03:14.0367 6016 tunnel - ok 16:03:14.0410 6016 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\DRIVERS\uagp35.sys 16:03:14.0421 6016 uagp35 - ok 16:03:14.0460 6016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 16:03:14.0474 6016 udfs - ok 16:03:14.0529 6016 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 16:03:14.0542 6016 UI0Detect - ok 16:03:14.0628 6016 UleadBurningHelper (f13da74969897359a88f2a739f54a250) C:\Program Files\Common 
Files\Ulead Systems\DVD\ULCDRSvr.exe 16:03:14.0638 6016 UleadBurningHelper - ok 16:03:14.0682 6016 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 16:03:14.0692 6016 uliagpkx - ok 16:03:14.0743 6016 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 16:03:14.0756 6016 uliahci - ok 16:03:14.0797 6016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 16:03:14.0808 6016 UlSata - ok 16:03:14.0835 6016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 16:03:14.0848 6016 ulsata2 - ok 16:03:14.0892 6016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 16:03:14.0900 6016 umbus - ok 16:03:14.0947 6016 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 16:03:14.0968 6016 upnphost - ok 16:03:15.0035 6016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 16:03:15.0044 6016 USBAAPL - ok 16:03:15.0101 6016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 16:03:15.0110 6016 usbccgp - ok 16:03:15.0136 6016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 16:03:15.0151 6016 usbcir - ok 16:03:15.0226 6016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 16:03:15.0234 6016 usbehci - ok 16:03:15.0265 6016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 16:03:15.0287 6016 usbhub - ok 16:03:15.0314 6016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 16:03:15.0321 6016 usbohci - ok 16:03:15.0376 6016 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 16:03:15.0383 6016 usbprint - ok 16:03:15.0409 6016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:03:15.0420 6016 USBSTOR - ok 16:03:15.0469 6016 usbuhci 
(814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 16:03:15.0477 6016 usbuhci - ok 16:03:15.0525 6016 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 16:03:15.0539 6016 usbvideo - ok 16:03:15.0577 6016 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 16:03:15.0592 6016 UxSms - ok 16:03:15.0652 6016 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 16:03:15.0685 6016 vds - ok 16:03:15.0759 6016 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 16:03:15.0768 6016 vga - ok 16:03:15.0818 6016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 16:03:15.0826 6016 VgaSave - ok 16:03:15.0851 6016 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 16:03:15.0873 6016 viaagp - ok 16:03:15.0903 6016 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 16:03:15.0914 6016 ViaC7 - ok 16:03:15.0994 6016 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys 16:03:16.0001 6016 viaide - ok 16:03:16.0074 6016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 16:03:16.0084 6016 volmgr - ok 16:03:16.0149 6016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 16:03:16.0168 6016 volmgrx - ok 16:03:16.0225 6016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 16:03:16.0241 6016 volsnap - ok 16:03:16.0286 6016 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 16:03:16.0296 6016 vsmraid - ok 16:03:16.0361 6016 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 16:03:16.0436 6016 VSS - ok 16:03:16.0494 6016 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 16:03:16.0515 6016 W32Time - ok 16:03:16.0568 6016 w810bus (5e8b60606fc4173b69cdecd964f22d28) C:\Windows\system32\DRIVERS\w810bus.sys 
16:03:16.0578 6016 w810bus - ok 16:03:16.0651 6016 w810mdfl (c0cc4f5a3c58b4c07ec4a82a5ae24714) C:\Windows\system32\DRIVERS\w810mdfl.sys 16:03:16.0657 6016 w810mdfl - ok 16:03:16.0699 6016 w810mdm (2aafeedc3bfe14419cbce7ceea59dd05) C:\Windows\system32\DRIVERS\w810mdm.sys 16:03:16.0710 6016 w810mdm - ok 16:03:16.0773 6016 w810mgmt (b0037db3f890d0ffcf7e35f356a435ec) C:\Windows\system32\DRIVERS\w810mgmt.sys 16:03:16.0784 6016 w810mgmt - ok 16:03:16.0832 6016 w810obex (bf609636068f17246f94b490c5812483) C:\Windows\system32\DRIVERS\w810obex.sys 16:03:16.0843 6016 w810obex - ok 16:03:16.0881 6016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 16:03:16.0887 6016 WacomPen - ok 16:03:16.0937 6016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:03:16.0946 6016 Wanarp - ok 16:03:16.0953 6016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:03:16.0955 6016 Wanarpv6 - ok 16:03:17.0005 6016 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 16:03:17.0035 6016 wcncsvc - ok 16:03:17.0079 6016 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 16:03:17.0089 6016 WcsPlugInService - ok 16:03:17.0129 6016 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 16:03:17.0136 6016 Wd - ok 16:03:17.0189 6016 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 16:03:17.0214 6016 Wdf01000 - ok 16:03:17.0263 6016 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:03:17.0278 6016 WdiServiceHost - ok 16:03:17.0283 6016 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:03:17.0288 6016 WdiSystemHost - ok 16:03:17.0326 6016 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 16:03:17.0339 6016 WebClient - ok 16:03:17.0385 6016 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) 
C:\Windows\system32\wecsvc.dll 16:03:17.0400 6016 Wecsvc - ok 16:03:17.0443 6016 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 16:03:17.0456 6016 wercplsupport - ok 16:03:17.0499 6016 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 16:03:17.0512 6016 WerSvc - ok 16:03:17.0596 6016 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 16:03:17.0623 6016 WinDefend - ok 16:03:17.0639 6016 WinHttpAutoProxySvc - ok 16:03:17.0712 6016 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 16:03:17.0726 6016 Winmgmt - ok 16:03:17.0818 6016 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 16:03:17.0907 6016 WinRM - ok 16:03:17.0985 6016 WisLMSvc (b0e6faa0f0ead4772c545a3737efb47f) C:\Program Files\Launch Manager\WisLMSvc.exe 16:03:17.0987 6016 WisLMSvc - ok 16:03:18.0053 6016 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 16:03:18.0107 6016 Wlansvc - ok 16:03:18.0187 6016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:03:18.0187 6016 WmiAcpi - ok 16:03:18.0297 6016 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 16:03:18.0313 6016 wmiApSrv - ok 16:03:18.0416 6016 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 16:03:18.0555 6016 WMPNetworkSvc - ok 16:03:18.0588 6016 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 16:03:18.0607 6016 WPCSvc - ok 16:03:18.0670 6016 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 16:03:18.0684 6016 WPDBusEnum - ok 16:03:18.0751 6016 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 16:03:18.0760 6016 WpdUsb - ok 16:03:18.0899 6016 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 
16:03:18.0944 6016 WPFFontCache_v0400 - ok 16:03:19.0000 6016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 16:03:19.0005 6016 ws2ifsl - ok 16:03:19.0062 6016 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 16:03:19.0067 6016 wscsvc - ok 16:03:19.0087 6016 WSearch - ok 16:03:19.0191 6016 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 16:03:19.0245 6016 wuauserv - ok 16:03:19.0319 6016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:03:19.0331 6016 WUDFRd - ok 16:03:19.0380 6016 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 16:03:19.0396 6016 wudfsvc - ok 16:03:19.0478 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 16:03:19.0520 6016 \Device\Harddisk0\DR0 - ok 16:03:19.0543 6016 Boot (0x1200) (32821b9f891b0d77d78d6aadb319ceb8) \Device\Harddisk0\DR0\Partition0 16:03:19.0544 6016 \Device\Harddisk0\DR0\Partition0 - ok 16:03:19.0553 6016 Boot (0x1200) (4b1d68fd8ca15ee4266c68622c739133) \Device\Harddisk0\DR0\Partition1 16:03:19.0555 6016 \Device\Harddisk0\DR0\Partition1 - ok 16:03:19.0557 6016 ============================================================ 16:03:19.0557 6016 Scan finished 16:03:19.0557 6016 ============================================================ 16:03:19.0583 5860 Detected object count: 0 16:03:19.0584 5860 Actual detected object count: 0 16:05:44.0014 5636 Deinitialize success |
28.03.2012, 18:59 | #10 |
/// Malware-holic | This connection is not trusted Very strange. Can you also check whether your system date is correct (time, year, etc.)? Please download HitmanPro (Home - SurfRight), double-click it, then go to Settings, License and activate the trial license. Then run a scan and move the findings to quarantine. At the end, export the log as XML and post it here.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
28.03.2012, 19:55 | #11 |
| This connection is not trusted <?xml version="1.0"?> -<Log filesProcessed="30850" timeSpentInSecs="329" reboot="yes" date="2012-03-28T20:21:52" version="3.6.0.148" scan="Normal" computer="UTTI-PC">-<Item status="None" score="22.0" type="Suspicious"><File hash="9CB4BB2A1EC33BBF15682DD9257E34665E00D75DACF973175491A30096C8D145" path="C:\Program Files\Erotic-Lounge Manager\fluxDVDCustomClientUninst.exe"/>-<References><File path="C:\Users\utti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Erotic-Lounge Manager\Uninstall.lnk"/></References></Item>-<Item status="Quarantiend" score="116.0" type="Malware" malwareName="Trojan">-<Scanners><Scanner name="Trojan.Agent.AUQO (Engine A)" id="G Data"/></Scanners><File hash="4AB80F558CDCB0EAC5ACBFD97DB5551134FA5C6A9BC10B051EC07BB00B5F8CE4" path="C:\Users\utti\AppData\Roaming\Macromedia\{595E76B8-D53C-4A09-9007-FFA33FA8BE30}\renovator.exe"/>-<Startup><Key path="HKU\S-1-5-21-977526049-4203851204-4170899763-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renovator"/></Startup></Item>-<Item status="Quarantiend" score="103.0" type="Malware" malwareName="Malware">-<Scanners><Scanner name="Infected" 
id="DrWeb"/></Scanners><File hash="7BF464A7373404D7AB5562AEAF034FBAF0CADEFCA147DA10FFA870D97FA7C2AC" path="C:\Users\utti\Downloads\SoftonicDownloader_fuer_combofix.exe"/>-<References><Key path="HKU\S-1-5-21-977526049-4203851204-4170899763-1003\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\utti\Downloads\SoftonicDownloader_fuer_combofix.exe"/></References></Item>-<Item status="None" score="63.0" type="Suspicious"><File hash="46CF6455A102740DBE7D8876AD552222B03A2C0EEAA287F613F62897BF48F060" path="C:\Windows\system32\Olch2d32.dll"/></Item></Log> Date and time are correct |
29.03.2012, 11:55 | #12 |
/// Malware-holic | This connection is untrusted If things have not improved after Hitman, the PC should be set up again from scratch. 1. Data recovery:
4. Change all passwords! 5. After securing the PC, check the backed-up data and, if it is clean, copy it back. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |