Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.12.2012, 13:16   #1
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Hallo wurde von Windows Defender auf die Adware Win32/OpenCandy aufmerksam gemacht. Habe darauf hin einen Scan mit Malwarebytes durchgeführt und einen Eset Online Scan bei dem ein Threat gefunden wurde (HTML/Iframe.B.Gen virus)
Könnt ihr mir helfen diese beiden Sachen zu entfernen?

Hier der Malwarebytes Log

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jana :: JANA-PC [Administrator]

14.12.2012 09:18:33
mbam-log-2012-12-14 (09-18-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333611
Laufzeit: 1 Stunde(n), 40 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

und hier der ESET Scan

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=7ca51145c8de36468f85c8d5d7ded3e9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-14 01:06:05
# local_time=2012-12-14 02:06:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 96942 101260849 88716 0
# compatibility_mode=5893 16776573 100 94 20705 107121556 0 0
# scanned=148821
# found=1
# cleaned=0
# scan_time=6433
C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CV9LCJIL\1market[1].htm	HTML/Iframe.B.Gen virus (unable to clean)	342D4D7AD82762DAC1A764078539A69010DDDF6A	I
         

Alt 14.12.2012, 13:30   #2
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Hi
und, bekommen wir auch noch das Ergebniss des Microsoft Scanners bitte?
sollte in den Details zu finden sein
__________________

__________________

Alt 16.12.2012, 12:38   #3
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



hey, hab nochmal nen neuen scan mit dem defender gemacht und habe nach längerer Suche folgende Logs gefunden, hoffe einer von den beiden hilft euch weiter.

Code:
ATTFilter
 Protokollname: Microsoft-Windows-Windows Defender/Operational
Quelle:        Microsoft-Windows-Windows Defender
Datum:         16.12.2012 13:19:10
Ereignis-ID:   1006
Aufgabenkategorie:Keine
Ebene:         Warnung
Schlüsselwörter:
Benutzer:      SYSTEM
Computer:      Jana-PC
Beschreibung:
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
 Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/OpenCandy&threatid=159633
 	Name:Adware:Win32/OpenCandy
 	ID:159633
 	Schweregrad:Mittel
 	Kategorie:Adware
 	Gefundener Pfad:containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;containerfile:C:\Users\Jana\Downloads\cdbxp_setup_4.3.8.2474.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21Wrapped.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppD
 	Feststellungstyp:Konkret
 	Feststellungsquelle:System
 	Status:Unbekannt
 	Benutzer:NT-AUTORITÄT\SYSTEM
 	Prozessname:
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1006</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-12-16T12:19:10.525413700Z" />
    <EventRecordID>391</EventRecordID>
    <Correlation />
    <Execution ProcessID="5748" ThreadID="6032" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>Jana-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">6.1.7600.16385</Data>
    <Data Name="Detection ID">{D08D2695-4F13-4FA7-BF7B-553470E18FDF}</Data>
    <Data Name="Detection Source Index">2</Data>
    <Data Name="Detection Source">%%820</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Process Name">
    </Data>
    <Data Name="Domain">NT-AUTORITÄT</Data>
    <Data Name="User">SYSTEM</Data>
    <Data Name="SID">S-1-5-18</Data>
    <Data Name="Threat Name">Adware:Win32/OpenCandy</Data>
    <Data Name="Threat ID">159633</Data>
    <Data Name="Severity ID">2</Data>
    <Data Name="Category ID">1</Data>
    <Data Name="FWLink">hxxp://go.microsoft.com/fwlink/?linkid=37020&amp;name=Adware:Win32/OpenCandy&amp;threatid=159633</Data>
    <Data Name="Path Found">containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;containerfile:C:\Users\Jana\Downloads\cdbxp_setup_4.3.8.2474.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21Wrapped.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe-&gt;(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe-&gt;(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppD</Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Execution Status Index">0</Data>
    <Data Name="Execution Status">%%812</Data>
    <Data Name="Detection Type Index">0</Data>
    <Data Name="Detection Type">%%822</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Severity Name">Mittel</Data>
    <Data Name="Category Name">Adware</Data>
  </EventData>
</Event>
         

Zweiter Log:

Code:
ATTFilter
 Protokollname: Microsoft-Windows-Windows Defender/Operational
Quelle:        Microsoft-Windows-Windows Defender
Datum:         16.12.2012 13:19:10
Ereignis-ID:   1001
Aufgabenkategorie:Keine
Ebene:         Informationen
Schlüsselwörter:
Benutzer:      SYSTEM
Computer:      Jana-PC
Beschreibung:
Die Windows Defender-Überprüfung wurde fertig gestellt.
 	Überprüfungs-ID:{50CF1AE1-6E80-44ED-8A57-C0269ED58911}
 	Überprüfungstyp:AntiSpyware
 	Überprüfungsparameter:Vollständiger Scan
 	Benutzer:Jana-PC\Jana
 	Überprüfungszeit:1:54:56
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-12-16T12:19:10.525413700Z" />
    <EventRecordID>392</EventRecordID>
    <Correlation />
    <Execution ProcessID="5748" ThreadID="6032" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>Jana-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">6.1.7600.16385</Data>
    <Data Name="Scan ID">{50CF1AE1-6E80-44ED-8A57-C0269ED58911}</Data>
    <Data Name="Scan Type Index">2</Data>
    <Data Name="Scan Type">%%801</Data>
    <Data Name="Scan Parameters Index">2</Data>
    <Data Name="Scan Parameters">%%805</Data>
    <Data Name="Domain">Jana-PC</Data>
    <Data Name="User">Jana</Data>
    <Data Name="SID">S-1-5-21-708478002-281803654-409329748-1000</Data>
    <Data Name="Scan Time Hours">1</Data>
    <Data Name="Scan Time Minutes">54</Data>
    <Data Name="Scan Time Seconds">56</Data>
  </EventData>
</Event>
         
__________________

Alt 16.12.2012, 16:21   #4
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.12.2012, 19:28   #5
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



OTL.txt :

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.12.2012 20:09:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,16% Memory free
6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 332,48 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.16 20:06:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Downloads\OTL.exe
PRC - [2012.12.13 11:28:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.12 13:00:06 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.10 15:24:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 15:24:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 15:24:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.07.30 21:30:00 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.30 21:29:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.19 12:59:02 | 002,482,176 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009.11.02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MSIService.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.18 13:45:48 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.18 13:45:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.18 13:45:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.18 13:44:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.18 13:44:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.18 13:44:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.18 13:44:28 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.18 13:44:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.26 15:58:38 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:38 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3863.37611__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:38 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3863.37669__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3863.37704__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3863.37728__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3863.37653__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3863.37701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:38 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 001,298,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3863.37730__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3863.37656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3863.37633__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:37 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3863.37650__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.10.26 15:58:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.10.26 15:58:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.10.26 15:58:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3863.37600__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.10.26 15:58:37 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3863.37602__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.10.26 15:58:37 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3863.37605__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.10.26 15:58:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3863.37602__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3863.37701__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3863.37604__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3863.37708__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3863.37610__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3863.37604__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3863.37601__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.10.26 15:58:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3863.37646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.10.26 15:58:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3863.37697__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3863.37610__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3863.37602__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll
MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3863.37703__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3863.37602__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3863.37610__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.10.26 15:58:36 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.10.26 15:58:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.10.26 15:58:35 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3863.37616__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.10.26 15:58:35 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3863.37728__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.10.26 15:58:35 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3863.37692__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.10.26 15:58:35 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.10.26 15:58:35 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3863.37697__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.10.26 15:58:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3863.37695__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.10.26 15:58:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3863.37608__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.10.26 15:58:35 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3863.37609__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.10.26 15:58:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.10.26 15:58:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3863.37709__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.10.26 15:58:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.10.26 15:58:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3863.37614__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.10.26 15:58:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3863.37603__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.10.26 15:58:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.10.26 15:58:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3863.37604__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.10.26 15:58:35 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3863.37697__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.10.26 15:58:35 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.10.26 15:58:35 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3863.37615__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.10.26 15:58:35 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3863.37631__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.10.26 15:58:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3863.37608__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.10.26 15:58:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3863.37606__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.10.26 15:58:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3863.37608__90ba9c70f846762e\APM.Server.dll
MOD - [2010.10.26 15:58:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3863.37607__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.13 11:28:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.10 15:24:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.10 15:24:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.07.30 21:29:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.10 15:24:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 15:24:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.08.16 05:41:00 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.30 23:40:00 | 005,552,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.30 20:56:00 | 000,176,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.04.29 04:43:00 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.03.09 21:03:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\..\SearchScopes,DefaultScope = {3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452
IE - HKCU\..\SearchScopes\{3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE411
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135951BA-ECD3-423F-BA85-ACB7B4E98D4E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.14 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Virenbekämpfung
[2012.12.14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.14 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.12.14 09:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.14 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.14 09:16:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.14 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.13 11:35:41 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\WindowsUpdate
[2012.12.13 11:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.12.13 11:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.10 22:26:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.12.09 16:00:58 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2012.12.09 16:00:30 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.12.09 15:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.12.09 15:57:16 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 20:13:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.16 20:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 20:08:23 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 20:08:23 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 20:02:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.16 20:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 20:00:43 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 11:33:30 | 000,317,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.13 11:19:25 | 000,002,252 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.13 11:10:07 | 000,000,816 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.12.10 22:32:47 | 000,082,857 | ---- | M] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.pdf
[2012.12.10 22:31:54 | 000,224,848 | ---- | M] () -- C:\Users\Jana\Documents\referat.xps
[2012.12.10 22:31:03 | 000,021,553 | ---- | M] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.odt
[2012.12.09 16:00:30 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.13 11:28:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.13 11:10:07 | 000,000,816 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.12.10 22:32:45 | 000,082,857 | ---- | C] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.pdf
[2012.12.10 22:31:52 | 000,224,848 | ---- | C] () -- C:\Users\Jana\Documents\referat.xps
[2012.12.09 19:33:46 | 000,021,553 | ---- | C] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.odt
[2012.12.09 16:00:30 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2011.10.09 18:56:42 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.10.09 18:56:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.10.01 12:11:34 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.10 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Ashampoo
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\BullGuard
[2010.12.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Canneverbe Limited
[2010.12.18 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.06.25 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ
[2011.10.09 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenCandy
[2012.12.09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2011.09.05 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ProtectDISC
[2012.12.09 21:34:55 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\SoftGrid Client
[2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Software Inspection Library
[2011.01.09 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TP
[2010.12.20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.12.18 17:32:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.12.14 12:16:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.14 09:16:09 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.16 20:11:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.16 20:30:02 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.14 09:15:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.12.16 20:27:00 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.12.16 20:27:01 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.12.13 11:28:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.07.30 21:30:00 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.12.16 20:13:10 | 002,097,152 | -HS- | M] () -- C:\Users\Jana\ntuser.dat
[2012.12.16 20:13:10 | 000,262,144 | -HS- | M] () -- C:\Users\Jana\ntuser.dat.LOG1
[2010.12.16 20:30:03 | 000,000,000 | -HS- | M] () -- C:\Users\Jana\ntuser.dat.LOG2
[2010.12.16 20:37:06 | 000,065,536 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.12.16 20:37:05 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.12.16 20:37:06 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.03.23 20:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TM.blf
[2011.03.23 20:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TMContainer00000000000000000001.regtrans-ms
[2011.03.23 20:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TMContainer00000000000000000002.regtrans-ms
[2010.12.16 20:30:03 | 000,000,020 | -HS- | M] () -- C:\Users\Jana\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---



Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.12.2012 20:09:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,16% Memory free
6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 332,48 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6CE194-0645-4A63-836A-F91A40E390D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F7B411E-AC8B-470C-9C6D-48F34F4825E6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1CD79DF9-AC8B-4A0D-A297-E92156824FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E1EC31C-EEDC-437D-B506-C16E3823A82A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{351F5236-E872-4D3F-932A-169E2E8586D1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3FB8ABF8-EC6F-4248-9C62-96B1006A159C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{423F9A24-F8B6-47A9-AFAD-B831C943044A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4914306A-230B-4106-A706-D8CB1DB7A217}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DF1C278-CC14-4774-9751-7588F05BE392}" = lport=137 | protocol=17 | dir=in | app=system | 
"{50CD42F3-0EF8-4A6B-AE2F-7CA0EFB2D3A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FCB4CA0-4234-4B05-8D98-451B081C133E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6121F529-688C-41FE-938B-B7550849903D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6143580E-3058-4523-9030-9DDE3802C068}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68C52244-5C69-4F10-863F-99E97BF3238A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{767B55A6-230D-4A19-88B7-80B33A862EB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7B31E753-28D3-4761-9141-C6C05A4CA791}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8241324F-F441-4514-913B-1B67F89FEB61}" = lport=445 | protocol=6 | dir=in | app=system | 
"{947A350F-954F-4265-8CB9-AC957CF06DEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9BC90078-1291-4C5A-8F01-21A0DDC37774}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAA383F5-8D1A-457C-8C9F-AF79B7FEFAB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2F4212B-43C4-49FA-9520-857BF95F2C3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B99AE337-76D4-47E9-B11A-F81D6BCB79A3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CA194E91-D0D0-4297-9525-ADE3BE9B3FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB0D51F8-0074-466E-90EC-834C47C5CB48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DB640436-E021-4F38-A740-AC3D8930CFA9}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2770F54A-1E69-423A-BE52-767927465819}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2DF59073-7682-464C-895D-750B61FC3FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3121CB5C-8167-45CB-A9A9-E5CEE6C7B533}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{327C36DF-86ED-4644-9DAC-F86264C4A99A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4561DB4B-9A31-4FE9-A835-F355E626F542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{568D06AE-D575-4AC9-B8E9-684DD6D93E60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{61E0FB1F-5983-4F5A-95E2-603D55A8F26A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{6B3123D4-784B-485A-B21A-047A26F6F51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C059CCA-6CA1-45B9-B5C0-149D4A332E27}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{7025881C-7EF7-4B3C-86B3-2ADE4A707829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7323CA0E-109D-4FA0-857E-02BCC68464C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{819845A6-F072-4D6C-96AE-D3529B124497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91D3F860-D7EE-4C38-B9F0-BA06B91CE6A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{934E815B-532D-4C81-A9BF-B37005F23E84}" = protocol=6 | dir=out | app=system | 
"{9C2AC083-BDBD-49CC-B63D-0D7B2F8D624D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A43DA7E3-2C8B-4FAA-A9F7-C259338A1081}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C20FF8B2-51E1-49D4-A98D-B904587D085B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D402182D-AFCC-4740-947E-71ABCA6008E9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{DAB5A0B8-C46F-4CBC-A02B-8412EA5BD114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1B98BA6-2EF8-4765-BA3F-AF966A255251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3E4ED30-0E1F-464A-8C64-433EFA0FBF06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC3B3B34-6C50-4321-AD2B-4261CD146125}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F57CC324-E07C-4632-BC66-D9D260C93BB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{9C518A45-73C5-4B07-A373-4BC20D3B40C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A0D79C77-5BAD-4F05-B533-7810473C0F91}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1E0C7B42-CBC7-46FE-8C81-B38499D7A63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2EEAFDFE-82F4-4D09-A1EE-CD5E7082EB9D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{040E8987-3C5C-EEE9-7C3C-1A25D5EFE21E}" = Catalyst Control Center Graphics Light
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{12A58E1A-7B5F-6CC8-A299-C9896DCD7982}" = CCC Help Italian
"{142C7D29-6031-806E-C3F5-9053594EF332}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BCE0E72-5BE9-150F-04B8-75C1C67E01EB}" = CCC Help Chinese Traditional
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FDDD2DF-4EDD-BDBB-483D-8DBF60DA5BAB}" = CCC Help Finnish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{275C93C7-5FE4-3157-D289-AADD3E973B75}" = CCC Help Korean
"{28C40108-8E43-7BFB-C9DF-06C8E183323A}" = Catalyst Control Center Graphics Previews Common
"{2E03C934-17D0-D1F7-0631-8EB7DDB7B8D5}" = CCC Help Thai
"{2EA73859-A140-04D7-136C-6B29704CC796}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E294C-A62C-3459-BAA0-B6AAD8E83460}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{435AD583-AFB5-03A8-7F65-721327D6BB11}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F007121-E30C-09A3-E548-ED75161611E3}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{656A4D8E-9DFA-813E-541E-C047B130D58F}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76690645-425D-59BF-6CA7-CBA3D68C159F}" = Catalyst Control Center Localization All
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF57B88-28DF-D7AA-A9A5-01D535C8023D}" = CCC Help Spanish
"{8B4C0BC1-67A3-6CA9-123B-992DCF14C5AF}" = Catalyst Control Center Graphics Full Existing
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DA00A19-9AB2-2724-36CD-5094EC6F4A45}" = Catalyst Control Center InstallProxy
"{8DBF1BC7-E29D-EF2A-3EAD-98D70C4F6C5B}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{923D47BD-3BE2-1B83-B9FD-9189FD4474AB}" = CCC Help Dutch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94DCFB3E-015B-C9B4-763B-D07329E89A6D}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A39B0352-24A9-5D58-E272-91218BC8A51E}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9139E41-8969-54D1-AF85-D30E8DFF50FE}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BF3C0386-BADC-F3DF-25A5-435B10852B13}" = CCC Help French
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CBC9CF44-0F09-42EC-6BB0-44AC5C413BCE}" = CCC Help Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0A5043-8744-A076-9515-AD6B4421152B}" = Catalyst Control Center Graphics Previews Vista
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CFA1A443-F2D9-097D-4CE3-D965A2178B32}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D776CF6B-93A2-DEFC-3B80-431CB59B3E76}" = CCC Help Czech
"{D7E49254-D6DD-0175-7409-F8DC8B5C1749}" = ccc-utility
"{DAAACF3B-7EFF-6A05-E2CF-2581F8B2B1B1}" = CCC Help Chinese Standard
"{DB3E28FF-969F-0C82-8C24-893823FCC203}" = CCC Help Japanese
"{DCE271F2-588E-F0B5-F0BE-7621BBAB1B6A}" = CCC Help German
"{DD70AAF2-66CA-7BDE-CF7D-AA814A8B939E}" = Catalyst Control Center Graphics Full New
"{DE656F94-4E2A-66AA-DEEA-07638647690D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"K11" = K11 - Kommissare im Einsatz
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RUNAWAY: A TWIST OF FATE (de)" = RUNAWAY: A TWIST OF FATE
"Schlag den Raab_is1" = Schlag den Raab
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2011 10:43:54 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm RATOF.exe, Version 1.0.0.1 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 794    Startzeit: 
01cc94b688a6a3fc    Endzeit: 11    Anwendungspfad: C:\Program Files\CRIMSON COW\RUNAWAY 
- A TWIST OF FATE\RATOF.exe    Berichts-ID:   
 
Error - 27.10.2011 11:42:01 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ae04a08  Name des fehlerhaften Moduls: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ae04a08  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005921c  ID des fehlerhaften Prozesses:
 0x12b0  Startzeit der fehlerhaften Anwendung: 0x01cc94b6e1d379a4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe
Berichtskennung:
 35ffac8b-00b2-11e1-8eaf-406186af320b
 
Error - 28.10.2011 11:49:09 | Computer Name = Jana-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 Google Software Updater since QueryServiceConfig API failed  System Error: Das System
 kann die angegebene Datei nicht finden.  .
 
Error - 13.11.2011 07:38:04 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 9b0    Startzeit: 01cca1f89eb9994c    Endzeit: 16    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 20.11.2011 10:16:31 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 115c    Startzeit: 01cca78e0c6d3a76    Endzeit: 20    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 15.12.2011 16:19:35 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.  
 
Error - 23.12.2011 08:07:35 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 124c    Startzeit: 01ccc166211ad5a6    Endzeit: 30    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 24.12.2011 08:45:50 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xc000000d
ID
 des fehlerhaften Prozesses: 0x3ec  Startzeit der fehlerhaften Anwendung: 0x01ccc239e992d52a
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 34d9709c-2e2d-11e1-a637-406186af320b
 
Error - 30.12.2011 11:32:41 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
 werden.  
 
Error - 04.01.2012 07:54:17 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7601.17514, Zeitstempel: 0x4ce795a6  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00001513  ID des fehlerhaften Prozesses: 0x3f0  Startzeit der fehlerhaften Anwendung:
 0x01cccad78730633f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: d3db0d29-36ca-11e1-bc34-406186af320b
 
[ System Events ]
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 27.11.2012 17:26:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 27.11.2012 17:27:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 06.12.2012 07:28:40 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 06.12.2012 07:33:42 | Computer Name = Jana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.141.1048.0)
 
Error - 13.12.2012 06:19:37 | Computer Name = Jana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.141.1573.0)
 
 
< End of report >
         


Alt 16.12.2012, 19:35   #6
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!

Alt 16.12.2012, 19:42   #7
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



TDSSKiller Log:

Code:
ATTFilter
 20:39:08.0392 4804  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:39:08.0548 4804  ============================================================
20:39:08.0548 4804  Current date / time: 2012/12/16 20:39:08.0548
20:39:08.0548 4804  SystemInfo:
20:39:08.0548 4804  
20:39:08.0564 4804  OS Version: 6.1.7601 ServicePack: 1.0
20:39:08.0564 4804  Product type: Workstation
20:39:08.0564 4804  ComputerName: JANA-PC
20:39:08.0564 4804  UserName: Jana
20:39:08.0564 4804  Windows directory: C:\Windows
20:39:08.0564 4804  System windows directory: C:\Windows
20:39:08.0564 4804  Processor architecture: Intel x86
20:39:08.0564 4804  Number of processors: 2
20:39:08.0564 4804  Page size: 0x1000
20:39:08.0564 4804  Boot type: Normal boot
20:39:08.0564 4804  ============================================================
20:39:09.0734 4804  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:09.0734 4804  ============================================================
20:39:09.0734 4804  \Device\Harddisk0\DR0:
20:39:09.0734 4804  MBR partitions:
20:39:09.0734 4804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:39:09.0734 4804  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
20:39:09.0734 4804  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
20:39:09.0734 4804  ============================================================
20:39:09.0765 4804  C: <-> \Device\Harddisk0\DR0\Partition2
20:39:09.0812 4804  D: <-> \Device\Harddisk0\DR0\Partition3
20:39:09.0812 4804  ============================================================
20:39:09.0812 4804  Initialize success
20:39:09.0812 4804  ============================================================
20:40:19.0591 5416  ============================================================
20:40:19.0591 5416  Scan started
20:40:19.0591 5416  Mode: Manual; SigCheck; TDLFS; 
20:40:19.0591 5416  ============================================================
20:40:21.0385 5416  ================ Scan system memory ========================
20:40:21.0385 5416  System memory - ok
20:40:21.0385 5416  ================ Scan services =============================
20:40:21.0541 5416  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:40:21.0634 5416  1394ohci - ok
20:40:21.0697 5416  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
20:40:21.0728 5416  acedrv11 - ok
20:40:21.0759 5416  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:40:21.0775 5416  ACPI - ok
20:40:21.0822 5416  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:40:21.0884 5416  AcpiPmi - ok
20:40:21.0993 5416  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:40:22.0024 5416  AdobeARMservice - ok
20:40:22.0134 5416  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:40:22.0165 5416  AdobeFlashPlayerUpdateSvc - ok
20:40:22.0212 5416  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:40:22.0227 5416  adp94xx - ok
20:40:22.0243 5416  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:40:22.0258 5416  adpahci - ok
20:40:22.0274 5416  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:40:22.0290 5416  adpu320 - ok
20:40:22.0321 5416  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:40:22.0336 5416  AeLookupSvc - ok
20:40:22.0383 5416  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
20:40:22.0446 5416  AFD - ok
20:40:22.0492 5416  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:40:22.0524 5416  agp440 - ok
20:40:22.0586 5416  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:40:22.0617 5416  aic78xx - ok
20:40:22.0680 5416  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
20:40:22.0742 5416  ALG - ok
20:40:22.0820 5416  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:40:22.0851 5416  aliide - ok
20:40:22.0882 5416  [ 57470ED01EF69E113C10F5520D3F60A4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:40:22.0945 5416  AMD External Events Utility - ok
20:40:22.0960 5416  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:40:22.0976 5416  amdagp - ok
20:40:23.0007 5416  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:40:23.0023 5416  amdide - ok
20:40:23.0054 5416  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:40:23.0085 5416  AmdK8 - ok
20:40:23.0241 5416  [ 10F568F7B5B0D3748259187168F56386 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:40:23.0382 5416  amdkmdag - ok
20:40:23.0491 5416  [ 0C3B556EE8DE7983A3C1BE6334926329 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:40:23.0569 5416  amdkmdap - ok
20:40:23.0740 5416  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:40:23.0787 5416  AmdPPM - ok
20:40:23.0818 5416  [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
20:40:23.0834 5416  amdsata - ok
20:40:23.0865 5416  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:40:23.0881 5416  amdsbs - ok
20:40:23.0896 5416  [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
20:40:23.0912 5416  amdxata - ok
20:40:23.0974 5416  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:40:23.0990 5416  AntiVirSchedulerService - ok
20:40:24.0068 5416  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:40:24.0099 5416  AntiVirService - ok
20:40:24.0146 5416  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
20:40:24.0255 5416  AppID - ok
20:40:24.0286 5416  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:40:24.0333 5416  AppIDSvc - ok
20:40:24.0364 5416  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
20:40:24.0411 5416  Appinfo - ok
20:40:24.0442 5416  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:40:24.0458 5416  arc - ok
20:40:24.0474 5416  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:40:24.0489 5416  arcsas - ok
20:40:24.0520 5416  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:40:24.0598 5416  AsyncMac - ok
20:40:24.0661 5416  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
20:40:24.0692 5416  atapi - ok
20:40:24.0739 5416  [ 35207458C90F55C61247DE139A6A243A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
20:40:24.0754 5416  AtiHDAudioService - ok
20:40:24.0817 5416  [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:40:24.0848 5416  AtiPcie - ok
20:40:24.0926 5416  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:40:25.0004 5416  AudioEndpointBuilder - ok
20:40:25.0035 5416  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:40:25.0066 5416  Audiosrv - ok
20:40:25.0144 5416  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:40:25.0176 5416  avgntflt - ok
20:40:25.0207 5416  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:40:25.0238 5416  avipbb - ok
20:40:25.0269 5416  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:40:25.0285 5416  avkmgr - ok
20:40:25.0332 5416  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:40:25.0378 5416  AxInstSV - ok
20:40:25.0410 5416  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:40:25.0441 5416  b06bdrv - ok
20:40:25.0472 5416  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:40:25.0503 5416  b57nd60x - ok
20:40:25.0534 5416  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:40:25.0566 5416  BDESVC - ok
20:40:25.0597 5416  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:40:25.0644 5416  Beep - ok
20:40:25.0722 5416  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
20:40:25.0768 5416  BFE - ok
20:40:25.0800 5416  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
20:40:25.0862 5416  BITS - ok
20:40:25.0878 5416  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:40:25.0909 5416  blbdrive - ok
20:40:25.0956 5416  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:40:26.0002 5416  bowser - ok
20:40:26.0018 5416  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:40:26.0096 5416  BrFiltLo - ok
20:40:26.0112 5416  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:40:26.0143 5416  BrFiltUp - ok
20:40:26.0190 5416  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
20:40:26.0236 5416  Browser - ok
20:40:26.0268 5416  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:40:26.0299 5416  Brserid - ok
20:40:26.0330 5416  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:40:26.0361 5416  BrSerWdm - ok
20:40:26.0392 5416  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:40:26.0408 5416  BrUsbMdm - ok
20:40:26.0439 5416  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:40:26.0486 5416  BrUsbSer - ok
20:40:26.0502 5416  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:40:26.0564 5416  BTHMODEM - ok
20:40:26.0595 5416  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
20:40:26.0626 5416  bthserv - ok
20:40:26.0658 5416  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:40:26.0704 5416  cdfs - ok
20:40:26.0767 5416  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:40:26.0798 5416  cdrom - ok
20:40:26.0845 5416  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:40:26.0907 5416  CertPropSvc - ok
20:40:26.0923 5416  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:40:26.0938 5416  circlass - ok
20:40:26.0970 5416  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
20:40:26.0985 5416  CLFS - ok
20:40:27.0048 5416  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:40:27.0063 5416  clr_optimization_v2.0.50727_32 - ok
20:40:27.0110 5416  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:40:27.0141 5416  clr_optimization_v4.0.30319_32 - ok
20:40:27.0172 5416  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:40:27.0172 5416  CmBatt - ok
20:40:27.0188 5416  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:40:27.0204 5416  cmdide - ok
20:40:27.0250 5416  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:40:27.0297 5416  CNG - ok
20:40:27.0328 5416  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:40:27.0328 5416  Compbatt - ok
20:40:27.0375 5416  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:40:27.0422 5416  CompositeBus - ok
20:40:27.0438 5416  COMSysApp - ok
20:40:27.0469 5416  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:40:27.0484 5416  crcdisk - ok
20:40:27.0531 5416  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:40:27.0562 5416  CryptSvc - ok
20:40:27.0656 5416  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:40:27.0687 5416  cvhsvc - ok
20:40:27.0734 5416  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:40:27.0781 5416  DcomLaunch - ok
20:40:27.0796 5416  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:40:27.0843 5416  defragsvc - ok
20:40:27.0906 5416  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:40:27.0968 5416  DfsC - ok
20:40:28.0015 5416  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:40:28.0062 5416  Dhcp - ok
20:40:28.0077 5416  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
20:40:28.0124 5416  discache - ok
20:40:28.0171 5416  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:40:28.0186 5416  Disk - ok
20:40:28.0218 5416  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:40:28.0249 5416  Dnscache - ok
20:40:28.0296 5416  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:40:28.0358 5416  dot3svc - ok
20:40:28.0405 5416  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
20:40:28.0467 5416  DPS - ok
20:40:28.0498 5416  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:40:28.0514 5416  drmkaud - ok
20:40:28.0561 5416  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:40:28.0592 5416  DXGKrnl - ok
20:40:28.0608 5416  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
20:40:28.0654 5416  EapHost - ok
20:40:28.0748 5416  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:40:28.0810 5416  ebdrv - ok
20:40:28.0857 5416  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
20:40:28.0920 5416  EFS - ok
20:40:29.0091 5416  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:40:29.0154 5416  ehRecvr - ok
20:40:29.0216 5416  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
20:40:29.0388 5416  ehSched - ok
20:40:29.0434 5416  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:40:29.0450 5416  elxstor - ok
20:40:29.0481 5416  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:40:29.0512 5416  ErrDev - ok
20:40:29.0544 5416  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
20:40:29.0622 5416  EventSystem - ok
20:40:29.0653 5416  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
20:40:29.0700 5416  exfat - ok
20:40:29.0715 5416  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:40:29.0746 5416  fastfat - ok
20:40:29.0809 5416  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
20:40:29.0840 5416  Fax - ok
20:40:29.0871 5416  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:40:29.0887 5416  fdc - ok
20:40:29.0902 5416  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
20:40:29.0934 5416  fdPHost - ok
20:40:29.0949 5416  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
20:40:29.0996 5416  FDResPub - ok
20:40:30.0027 5416  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:40:30.0043 5416  FileInfo - ok
20:40:30.0058 5416  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:40:30.0090 5416  Filetrace - ok
20:40:30.0121 5416  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:40:30.0168 5416  flpydisk - ok
20:40:30.0199 5416  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:40:30.0199 5416  FltMgr - ok
20:40:30.0246 5416  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
20:40:30.0292 5416  FontCache - ok
20:40:30.0339 5416  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:40:30.0355 5416  FontCache3.0.0.0 - ok
20:40:30.0370 5416  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:40:30.0386 5416  FsDepends - ok
20:40:30.0402 5416  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:40:30.0417 5416  Fs_Rec - ok
20:40:30.0464 5416  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:40:30.0480 5416  fvevol - ok
20:40:30.0526 5416  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:40:30.0526 5416  gagp30kx - ok
20:40:30.0573 5416  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:40:30.0620 5416  gpsvc - ok
20:40:30.0682 5416  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:30.0714 5416  gupdate - ok
20:40:30.0760 5416  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:30.0776 5416  gupdatem - ok
20:40:30.0838 5416  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:40:30.0854 5416  gusvc - ok
20:40:30.0870 5416  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:40:30.0901 5416  hcw85cir - ok
20:40:30.0932 5416  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:40:30.0948 5416  HdAudAddService - ok
20:40:30.0979 5416  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:40:31.0010 5416  HDAudBus - ok
20:40:31.0026 5416  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:40:31.0057 5416  HidBatt - ok
20:40:31.0088 5416  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:40:31.0104 5416  HidBth - ok
20:40:31.0119 5416  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:40:31.0150 5416  HidIr - ok
20:40:31.0182 5416  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
20:40:31.0260 5416  hidserv - ok
20:40:31.0306 5416  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:40:31.0322 5416  HidUsb - ok
20:40:31.0369 5416  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:40:31.0416 5416  hkmsvc - ok
20:40:31.0431 5416  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:40:31.0462 5416  HomeGroupListener - ok
20:40:31.0509 5416  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:40:31.0556 5416  HomeGroupProvider - ok
20:40:31.0587 5416  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:40:31.0603 5416  HpSAMD - ok
20:40:31.0665 5416  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:40:31.0696 5416  HTTP - ok
20:40:31.0728 5416  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:40:31.0728 5416  hwpolicy - ok
20:40:31.0759 5416  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:40:31.0806 5416  i8042prt - ok
20:40:31.0837 5416  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:40:31.0868 5416  iaStorV - ok
20:40:31.0930 5416  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:40:31.0977 5416  idsvc - ok
20:40:32.0008 5416  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:40:32.0024 5416  iirsp - ok
20:40:32.0086 5416  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:40:32.0133 5416  IKEEXT - ok
20:40:32.0258 5416  [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:40:32.0320 5416  IntcAzAudAddService - ok
20:40:32.0352 5416  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:40:32.0383 5416  intelide - ok
20:40:32.0414 5416  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:40:32.0461 5416  intelppm - ok
20:40:32.0508 5416  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:40:32.0570 5416  IPBusEnum - ok
20:40:32.0617 5416  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:40:32.0664 5416  IpFilterDriver - ok
20:40:32.0710 5416  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:40:32.0742 5416  iphlpsvc - ok
20:40:32.0773 5416  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:40:32.0788 5416  IPMIDRV - ok
20:40:32.0820 5416  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:40:32.0851 5416  IPNAT - ok
20:40:32.0866 5416  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:40:32.0882 5416  IRENUM - ok
20:40:32.0913 5416  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:40:32.0929 5416  isapnp - ok
20:40:32.0960 5416  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:40:32.0976 5416  iScsiPrt - ok
20:40:33.0007 5416  [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
20:40:33.0022 5416  JMCR - ok
20:40:33.0038 5416  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:40:33.0054 5416  kbdclass - ok
20:40:33.0100 5416  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:40:33.0116 5416  kbdhid - ok
20:40:33.0132 5416  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
20:40:33.0147 5416  KeyIso - ok
20:40:33.0178 5416  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:40:33.0194 5416  KSecDD - ok
20:40:33.0225 5416  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:40:33.0241 5416  KSecPkg - ok
20:40:33.0256 5416  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:40:33.0288 5416  KtmRm - ok
20:40:33.0319 5416  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:40:33.0366 5416  LanmanServer - ok
20:40:33.0381 5416  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:40:33.0428 5416  LanmanWorkstation - ok
20:40:33.0459 5416  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:40:33.0490 5416  lltdio - ok
20:40:33.0522 5416  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:40:33.0568 5416  lltdsvc - ok
20:40:33.0568 5416  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:40:33.0600 5416  lmhosts - ok
20:40:33.0631 5416  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:40:33.0631 5416  LSI_FC - ok
20:40:33.0662 5416  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:40:33.0678 5416  LSI_SAS - ok
20:40:33.0678 5416  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:40:33.0693 5416  LSI_SAS2 - ok
20:40:33.0724 5416  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:40:33.0724 5416  LSI_SCSI - ok
20:40:33.0756 5416  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
20:40:33.0787 5416  luafv - ok
20:40:33.0834 5416  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:40:33.0865 5416  Mcx2Svc - ok
20:40:33.0880 5416  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:40:33.0896 5416  megasas - ok
20:40:33.0943 5416  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:40:33.0958 5416  MegaSR - ok
20:40:34.0005 5416  [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
20:40:34.0021 5416  Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
20:40:34.0021 5416  Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
20:40:34.0068 5416  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
20:40:34.0114 5416  MMCSS - ok
20:40:34.0146 5416  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
20:40:34.0177 5416  Modem - ok
20:40:34.0208 5416  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:40:34.0224 5416  monitor - ok
20:40:34.0270 5416  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:40:34.0302 5416  mouclass - ok
20:40:34.0333 5416  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:40:34.0364 5416  mouhid - ok
20:40:34.0411 5416  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:40:34.0442 5416  mountmgr - ok
20:40:34.0458 5416  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:40:34.0473 5416  mpio - ok
20:40:34.0614 5416  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:40:34.0707 5416  mpsdrv - ok
20:40:34.0770 5416  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:40:34.0863 5416  MpsSvc - ok
20:40:34.0910 5416  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:40:34.0941 5416  MRxDAV - ok
20:40:34.0988 5416  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:40:35.0035 5416  mrxsmb - ok
20:40:35.0066 5416  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:40:35.0113 5416  mrxsmb10 - ok
20:40:35.0144 5416  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:40:35.0175 5416  mrxsmb20 - ok
20:40:35.0222 5416  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
20:40:35.0238 5416  msahci - ok
20:40:35.0269 5416  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:40:35.0284 5416  msdsm - ok
20:40:35.0300 5416  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
20:40:35.0331 5416  MSDTC - ok
20:40:35.0362 5416  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:40:35.0394 5416  Msfs - ok
20:40:35.0409 5416  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:40:35.0456 5416  mshidkmdf - ok
20:40:35.0472 5416  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:40:35.0487 5416  msisadrv - ok
20:40:35.0518 5416  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:40:35.0550 5416  MSiSCSI - ok
20:40:35.0565 5416  msiserver - ok
20:40:35.0612 5416  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:40:35.0643 5416  MSKSSRV - ok
20:40:35.0659 5416  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:40:35.0690 5416  MSPCLOCK - ok
20:40:35.0706 5416  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:40:35.0768 5416  MSPQM - ok
20:40:35.0799 5416  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:40:35.0815 5416  MsRPC - ok
20:40:35.0862 5416  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:40:35.0877 5416  mssmbios - ok
20:40:35.0908 5416  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:40:35.0924 5416  MSTEE - ok
20:40:35.0940 5416  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:40:35.0971 5416  MTConfig - ok
20:40:35.0971 5416  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:40:35.0986 5416  Mup - ok
20:40:36.0033 5416  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
20:40:36.0080 5416  napagent - ok
20:40:36.0127 5416  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:40:36.0142 5416  NativeWifiP - ok
20:40:36.0205 5416  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:40:36.0236 5416  NDIS - ok
20:40:36.0267 5416  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:40:36.0298 5416  NdisCap - ok
20:40:36.0314 5416  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:40:36.0345 5416  NdisTapi - ok
20:40:36.0392 5416  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:40:36.0454 5416  Ndisuio - ok
20:40:36.0486 5416  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:40:36.0517 5416  NdisWan - ok
20:40:36.0532 5416  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:40:36.0564 5416  NDProxy - ok
20:40:36.0610 5416  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:40:36.0642 5416  NetBIOS - ok
20:40:36.0688 5416  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:40:36.0735 5416  NetBT - ok
20:40:36.0751 5416  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
20:40:36.0766 5416  Netlogon - ok
20:40:36.0798 5416  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
20:40:36.0844 5416  Netman - ok
20:40:36.0844 5416  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
20:40:36.0891 5416  netprofm - ok
20:40:36.0938 5416  [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
20:40:36.0969 5416  netr73 - ok
20:40:37.0001 5416  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:40:37.0032 5416  NetTcpPortSharing - ok
20:40:37.0063 5416  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:40:37.0063 5416  nfrd960 - ok
20:40:37.0110 5416  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:40:37.0157 5416  NlaSvc - ok
20:40:37.0219 5416  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:40:37.0250 5416  Npfs - ok
20:40:37.0281 5416  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
20:40:37.0313 5416  nsi - ok
20:40:37.0328 5416  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:40:37.0359 5416  nsiproxy - ok
20:40:37.0422 5416  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:40:37.0453 5416  Ntfs - ok
20:40:37.0484 5416  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
20:40:37.0500 5416  Null - ok
20:40:37.0547 5416  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:40:37.0562 5416  nvraid - ok
20:40:37.0593 5416  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:40:37.0609 5416  nvstor - ok
20:40:37.0640 5416  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:40:37.0656 5416  nv_agp - ok
20:40:37.0656 5416  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:40:37.0687 5416  ohci1394 - ok
20:40:37.0718 5416  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:40:37.0734 5416  ose - ok
20:40:37.0890 5416  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:40:38.0077 5416  osppsvc - ok
20:40:38.0108 5416  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:40:38.0139 5416  p2pimsvc - ok
20:40:38.0186 5416  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:40:38.0202 5416  p2psvc - ok
20:40:38.0217 5416  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:40:38.0233 5416  Parport - ok
20:40:38.0264 5416  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:40:38.0280 5416  partmgr - ok
20:40:38.0311 5416  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:40:38.0327 5416  Parvdm - ok
20:40:38.0358 5416  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:40:38.0373 5416  PcaSvc - ok
20:40:38.0389 5416  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
20:40:38.0389 5416  pci - ok
20:40:38.0420 5416  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
20:40:38.0436 5416  pciide - ok
20:40:38.0467 5416  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:40:38.0483 5416  pcmcia - ok
20:40:38.0514 5416  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
20:40:38.0545 5416  pcw - ok
20:40:38.0576 5416  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:40:38.0623 5416  PEAUTH - ok
20:40:38.0717 5416  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
20:40:38.0795 5416  pla - ok
20:40:38.0841 5416  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:40:38.0873 5416  PlugPlay - ok
20:40:38.0904 5416  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:40:38.0935 5416  PNRPAutoReg - ok
20:40:38.0966 5416  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:40:38.0982 5416  PNRPsvc - ok
20:40:39.0029 5416  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:40:39.0075 5416  PolicyAgent - ok
20:40:39.0122 5416  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
20:40:39.0153 5416  Power - ok
20:40:39.0185 5416  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:40:39.0216 5416  PptpMiniport - ok
20:40:39.0247 5416  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:40:39.0263 5416  Processor - ok
20:40:39.0294 5416  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
20:40:39.0341 5416  ProfSvc - ok
20:40:39.0356 5416  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:40:39.0372 5416  ProtectedStorage - ok
20:40:39.0419 5416  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:40:39.0450 5416  Psched - ok
20:40:39.0512 5416  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
20:40:39.0543 5416  PSI - ok
20:40:39.0559 5416  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:40:39.0575 5416  PSI_SVC_2 - ok
20:40:39.0637 5416  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:40:39.0668 5416  ql2300 - ok
20:40:39.0699 5416  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:40:39.0715 5416  ql40xx - ok
20:40:39.0824 5416  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
20:40:39.0887 5416  QWAVE - ok
20:40:39.0918 5416  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:40:39.0933 5416  QWAVEdrv - ok
20:40:39.0949 5416  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:40:39.0996 5416  RasAcd - ok
20:40:40.0027 5416  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:40:40.0058 5416  RasAgileVpn - ok
20:40:40.0089 5416  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
20:40:40.0121 5416  RasAuto - ok
20:40:40.0136 5416  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:40:40.0167 5416  Rasl2tp - ok
20:40:40.0214 5416  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
20:40:40.0245 5416  RasMan - ok
20:40:40.0277 5416  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:40:40.0308 5416  RasPppoe - ok
20:40:40.0323 5416  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:40:40.0355 5416  RasSstp - ok
20:40:40.0401 5416  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:40:40.0417 5416  rdbss - ok
20:40:40.0448 5416  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:40:40.0464 5416  rdpbus - ok
20:40:40.0495 5416  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:40:40.0557 5416  RDPCDD - ok
20:40:40.0589 5416  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:40:40.0635 5416  RDPENCDD - ok
20:40:40.0635 5416  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:40:40.0667 5416  RDPREFMP - ok
20:40:40.0713 5416  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:40:40.0760 5416  RdpVideoMiniport - ok
20:40:40.0791 5416  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:40:40.0838 5416  RDPWD - ok
20:40:40.0901 5416  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:40:40.0932 5416  rdyboost - ok
20:40:40.0963 5416  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:40:40.0994 5416  RemoteAccess - ok
20:40:41.0010 5416  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:40:41.0041 5416  RemoteRegistry - ok
20:40:41.0072 5416  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:40:41.0103 5416  RpcEptMapper - ok
20:40:41.0119 5416  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
20:40:41.0150 5416  RpcLocator - ok
20:40:41.0181 5416  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
20:40:41.0213 5416  RpcSs - ok
20:40:41.0259 5416  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:40:41.0306 5416  rspndr - ok
20:40:41.0337 5416  [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:40:41.0353 5416  RTHDMIAzAudService - ok
20:40:41.0415 5416  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:40:41.0462 5416  RTL8167 - ok
20:40:41.0509 5416  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
20:40:41.0540 5416  rtl8192se - ok
20:40:41.0556 5416  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
20:40:41.0556 5416  SamSs - ok
20:40:41.0603 5416  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:40:41.0634 5416  sbp2port - ok
20:40:41.0665 5416  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:40:41.0696 5416  SCardSvr - ok
20:40:41.0712 5416  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:40:41.0743 5416  scfilter - ok
20:40:41.0790 5416  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
20:40:41.0852 5416  Schedule - ok
20:40:41.0868 5416  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:40:41.0899 5416  SCPolicySvc - ok
20:40:41.0946 5416  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:40:41.0993 5416  sdbus - ok
20:40:42.0024 5416  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:40:42.0071 5416  SDRSVC - ok
20:40:42.0102 5416  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:40:42.0149 5416  secdrv - ok
20:40:42.0180 5416  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
20:40:42.0227 5416  seclogon - ok
20:40:42.0320 5416  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
20:40:42.0367 5416  Secunia PSI Agent - ok
20:40:42.0398 5416  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
20:40:42.0414 5416  Secunia Update Agent - ok
20:40:42.0429 5416  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
20:40:42.0476 5416  SENS - ok
20:40:42.0492 5416  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:40:42.0523 5416  SensrSvc - ok
20:40:42.0539 5416  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:40:42.0585 5416  Serenum - ok
20:40:42.0601 5416  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:40:42.0617 5416  Serial - ok
20:40:42.0648 5416  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:40:42.0663 5416  sermouse - ok
20:40:42.0710 5416  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:40:42.0741 5416  SessionEnv - ok
20:40:42.0788 5416  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:40:42.0819 5416  sffdisk - ok
20:40:42.0835 5416  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:40:42.0882 5416  sffp_mmc - ok
20:40:42.0897 5416  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:40:42.0913 5416  sffp_sd - ok
20:40:42.0944 5416  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:42.0960 5416  sfloppy - ok
20:40:43.0007 5416  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:40:43.0022 5416  Sftfs - ok
20:40:43.0085 5416  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
20:40:43.0116 5416  sftlist - ok
20:40:43.0163 5416  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:40:43.0178 5416  Sftplay - ok
20:40:43.0209 5416  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:40:43.0241 5416  Sftredir - ok
20:40:43.0256 5416  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:40:43.0256 5416  Sftvol - ok
20:40:43.0303 5416  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
20:40:43.0303 5416  sftvsa - ok
20:40:43.0334 5416  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:40:43.0397 5416  SharedAccess - ok
20:40:43.0428 5416  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:40:43.0506 5416  ShellHWDetection - ok
20:40:43.0553 5416  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:40:43.0568 5416  sisagp - ok
20:40:43.0599 5416  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:40:43.0615 5416  SiSRaid2 - ok
20:40:43.0646 5416  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:40:43.0646 5416  SiSRaid4 - ok
20:40:43.0693 5416  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:40:43.0724 5416  Smb - ok
20:40:43.0755 5416  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:40:43.0771 5416  SNMPTRAP - ok
20:40:43.0787 5416  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:40:43.0802 5416  spldr - ok
20:40:43.0849 5416  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
20:40:43.0880 5416  Spooler - ok
20:40:43.0989 5416  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
20:40:44.0114 5416  sppsvc - ok
20:40:44.0145 5416  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:40:44.0192 5416  sppuinotify - ok
20:40:44.0239 5416  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:40:44.0270 5416  srv - ok
20:40:44.0301 5416  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:40:44.0333 5416  srv2 - ok
20:40:44.0364 5416  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:40:44.0411 5416  srvnet - ok
20:40:44.0442 5416  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:40:44.0504 5416  SSDPSRV - ok
20:40:44.0551 5416  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:40:44.0567 5416  ssmdrv - ok
20:40:44.0598 5416  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:40:44.0629 5416  SstpSvc - ok
20:40:44.0676 5416  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:40:44.0676 5416  stexstor - ok
20:40:44.0723 5416  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:40:44.0785 5416  StiSvc - ok
20:40:44.0816 5416  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:40:44.0816 5416  swenum - ok
20:40:44.0847 5416  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
20:40:44.0894 5416  swprv - ok
20:40:44.0925 5416  [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:40:44.0941 5416  SynTP - ok
20:40:45.0003 5416  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
20:40:45.0050 5416  SysMain - ok
20:40:45.0097 5416  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:40:45.0159 5416  TabletInputService - ok
20:40:45.0191 5416  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:40:45.0206 5416  TapiSrv - ok
20:40:45.0237 5416  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
20:40:45.0269 5416  TBS - ok
20:40:45.0331 5416  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:40:45.0378 5416  Tcpip - ok
20:40:45.0440 5416  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:40:45.0471 5416  TCPIP6 - ok
20:40:45.0503 5416  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:40:45.0534 5416  tcpipreg - ok
20:40:45.0581 5416  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:40:45.0596 5416  TDPIPE - ok
20:40:45.0627 5416  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:40:45.0643 5416  TDTCP - ok
20:40:45.0690 5416  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:40:45.0752 5416  tdx - ok
20:40:45.0783 5416  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:40:45.0799 5416  TermDD - ok
20:40:45.0846 5416  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
20:40:45.0908 5416  TermService - ok
20:40:45.0939 5416  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
20:40:45.0971 5416  Themes - ok
20:40:46.0002 5416  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:40:46.0017 5416  THREADORDER - ok
20:40:46.0064 5416  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
20:40:46.0111 5416  TrkWks - ok
20:40:46.0158 5416  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:40:46.0205 5416  TrustedInstaller - ok
20:40:46.0236 5416  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:46.0267 5416  tssecsrv - ok
20:40:46.0298 5416  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:40:46.0314 5416  TsUsbFlt - ok
20:40:46.0376 5416  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:40:46.0439 5416  tunnel - ok
20:40:46.0454 5416  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:40:46.0470 5416  uagp35 - ok
20:40:46.0517 5416  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:40:46.0548 5416  udfs - ok
20:40:46.0579 5416  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:40:46.0610 5416  UI0Detect - ok
20:40:46.0641 5416  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:40:46.0657 5416  uliagpkx - ok
20:40:46.0688 5416  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
20:40:46.0704 5416  umbus - ok
20:40:46.0735 5416  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:40:46.0751 5416  UmPass - ok
20:40:46.0782 5416  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
20:40:46.0829 5416  upnphost - ok
20:40:46.0860 5416  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:46.0875 5416  usbccgp - ok
20:40:46.0922 5416  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:40:46.0953 5416  usbcir - ok
20:40:46.0969 5416  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:40:47.0000 5416  usbehci - ok
20:40:47.0016 5416  [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:40:47.0031 5416  usbfilter - ok
20:40:47.0063 5416  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:40:47.0094 5416  usbhub - ok
20:40:47.0125 5416  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:40:47.0156 5416  usbohci - ok
20:40:47.0187 5416  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:40:47.0187 5416  usbprint - ok
20:40:47.0219 5416  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:47.0265 5416  USBSTOR - ok
20:40:47.0281 5416  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:47.0312 5416  usbuhci - ok
20:40:47.0375 5416  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:40:47.0421 5416  usbvideo - ok
20:40:47.0453 5416  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
20:40:47.0468 5416  UxSms - ok
20:40:47.0484 5416  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
20:40:47.0499 5416  VaultSvc - ok
20:40:47.0515 5416  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:40:47.0531 5416  vdrvroot - ok
20:40:47.0593 5416  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
20:40:47.0640 5416  vds - ok
20:40:47.0671 5416  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:47.0702 5416  vga - ok
20:40:47.0718 5416  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:40:47.0749 5416  VgaSave - ok
20:40:47.0780 5416  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:40:47.0811 5416  vhdmp - ok
20:40:47.0843 5416  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:40:47.0858 5416  viaagp - ok
20:40:47.0874 5416  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:40:47.0905 5416  ViaC7 - ok
20:40:47.0905 5416  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
20:40:47.0921 5416  viaide - ok
20:40:47.0936 5416  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:40:47.0952 5416  volmgr - ok
20:40:47.0983 5416  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:40:47.0999 5416  volmgrx - ok
20:40:48.0014 5416  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:40:48.0030 5416  volsnap - ok
20:40:48.0061 5416  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:40:48.0077 5416  vsmraid - ok
20:40:48.0123 5416  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
20:40:48.0186 5416  VSS - ok
20:40:48.0217 5416  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:48.0233 5416  vwifibus - ok
20:40:48.0248 5416  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:48.0264 5416  vwififlt - ok
20:40:48.0279 5416  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
20:40:48.0342 5416  W32Time - ok
20:40:48.0357 5416  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:40:48.0373 5416  WacomPen - ok
20:40:48.0420 5416  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:40:48.0482 5416  WANARP - ok
20:40:48.0482 5416  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:40:48.0513 5416  Wanarpv6 - ok
20:40:48.0545 5416  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
20:40:48.0576 5416  wbengine - ok
20:40:48.0607 5416  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:40:48.0638 5416  WbioSrvc - ok
20:40:48.0669 5416  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:40:48.0701 5416  wcncsvc - ok
20:40:48.0732 5416  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:40:48.0732 5416  WcsPlugInService - ok
20:40:48.0763 5416  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:40:48.0763 5416  Wd - ok
20:40:48.0810 5416  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:40:48.0841 5416  Wdf01000 - ok
20:40:48.0857 5416  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:40:48.0888 5416  WdiServiceHost - ok
20:40:48.0888 5416  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:40:48.0919 5416  WdiSystemHost - ok
20:40:48.0950 5416  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
20:40:48.0981 5416  WebClient - ok
20:40:48.0997 5416  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:40:49.0028 5416  Wecsvc - ok
20:40:49.0044 5416  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:40:49.0075 5416  wercplsupport - ok
20:40:49.0106 5416  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:40:49.0137 5416  WerSvc - ok
20:40:49.0169 5416  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:49.0200 5416  WfpLwf - ok
20:40:49.0215 5416  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:40:49.0215 5416  WIMMount - ok
20:40:49.0262 5416  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:40:49.0293 5416  WinDefend - ok
20:40:49.0293 5416  WinHttpAutoProxySvc - ok
20:40:49.0356 5416  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:40:49.0418 5416  Winmgmt - ok
20:40:49.0481 5416  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:40:49.0543 5416  WinRM - ok
20:40:49.0590 5416  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:49.0621 5416  WinUsb - ok
20:40:49.0668 5416  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:40:49.0699 5416  Wlansvc - ok
20:40:49.0761 5416  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:40:49.0777 5416  wlcrasvc - ok
20:40:49.0871 5416  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:40:49.0902 5416  wlidsvc - ok
20:40:49.0949 5416  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:40:49.0964 5416  WmiAcpi - ok
20:40:49.0995 5416  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:40:50.0027 5416  wmiApSrv - ok
20:40:50.0120 5416  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:40:50.0167 5416  WMPNetworkSvc - ok
20:40:50.0198 5416  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:40:50.0229 5416  WPCSvc - ok
20:40:50.0276 5416  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:40:50.0323 5416  WPDBusEnum - ok
20:40:50.0354 5416  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:40:50.0432 5416  ws2ifsl - ok
20:40:50.0448 5416  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:40:50.0479 5416  wscsvc - ok
20:40:50.0479 5416  WSearch - ok
20:40:50.0573 5416  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:40:50.0619 5416  wuauserv - ok
20:40:50.0651 5416  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:40:50.0666 5416  WudfPf - ok
20:40:50.0697 5416  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:50.0713 5416  WUDFRd - ok
20:40:50.0729 5416  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:40:50.0744 5416  wudfsvc - ok
20:40:50.0775 5416  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:40:50.0807 5416  WwanSvc - ok
20:40:50.0822 5416  ================ Scan global ===============================
20:40:50.0869 5416  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:40:50.0900 5416  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:40:50.0916 5416  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:40:50.0947 5416  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:40:50.0978 5416  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:40:50.0994 5416  [Global] - ok
20:40:50.0994 5416  ================ Scan MBR ==================================
20:40:51.0009 5416  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
20:40:54.0239 5416  \Device\Harddisk0\DR0 - ok
20:40:54.0239 5416  ================ Scan VBR ==================================
20:40:54.0239 5416  [ 1732D7A3140A25274C725C9A24E4274D ] \Device\Harddisk0\DR0\Partition1
20:40:54.0239 5416  \Device\Harddisk0\DR0\Partition1 - ok
20:40:54.0270 5416  [ E5C1FF61EC9401CD73CD28840071555E ] \Device\Harddisk0\DR0\Partition2
20:40:54.0270 5416  \Device\Harddisk0\DR0\Partition2 - ok
20:40:54.0301 5416  [ 7656470482D2836BB1FEC5DECAF408DC ] \Device\Harddisk0\DR0\Partition3
20:40:54.0301 5416  \Device\Harddisk0\DR0\Partition3 - ok
20:40:54.0301 5416  ============================================================
20:40:54.0301 5416  Scan finished
20:40:54.0301 5416  ============================================================
20:40:54.0317 2188  Detected object count: 1
20:40:54.0317 2188  Actual detected object count: 1
20:41:06.0032 2188  Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
20:41:06.0032 2188  Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 16.12.2012, 19:44   #8
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.12.2012, 20:19   #9
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Combofix log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-14.01 - Jana 16.12.2012  20:55:40.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.2036 [GMT 1:00]
ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-16 bis 2012-12-16  ))))))))))))))))))))))))))))))
.
.
2012-12-16 20:15 . 2012-12-16 20:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-16 19:04 . 2012-12-16 19:04	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9305EE1-34EC-46B1-B338-1332816CEA65}\offreg.dll
2012-12-14 11:16 . 2012-12-14 11:16	--------	d-----w-	c:\program files\ESET
2012-12-14 08:16 . 2012-12-14 08:16	--------	d-----w-	c:\users\Jana\AppData\Roaming\Malwarebytes
2012-12-14 08:16 . 2012-12-14 08:16	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-14 08:16 . 2012-12-14 08:17	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-14 08:16 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-14 08:13 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9305EE1-34EC-46B1-B338-1332816CEA65}\mpengine.dll
2012-12-13 10:43 . 2012-08-23 14:10	12288	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-13 10:41 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2012-12-13 10:41 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-13 10:41 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-13 10:41 . 2012-08-24 16:57	220160	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-13 10:41 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-13 10:41 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2012-12-13 10:35 . 2012-12-13 10:35	--------	d-----w-	c:\users\Jana\AppData\Local\WindowsUpdate
2012-12-13 10:30 . 2012-12-13 10:30	--------	d-----w-	c:\program files\Common Files\Java
2012-12-13 10:29 . 2012-12-13 10:29	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-12-13 10:29 . 2012-12-13 10:29	--------	d-----w-	c:\program files\Java
2012-12-13 10:17 . 2012-11-22 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-12-13 10:16 . 2012-11-02 05:11	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 10:16 . 2012-11-05 20:32	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-13 10:16 . 2012-11-05 20:32	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-13 10:16 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-10 21:26 . 2012-12-10 21:26	--------	d--h--w-	c:\programdata\CanonBJ
2012-12-10 21:26 . 2009-07-14 01:15	71168	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2012-12-09 15:00 . 2012-12-09 15:00	--------	d-----w-	c:\users\Jana\AppData\Roaming\OpenOffice.org
2012-12-09 14:58 . 2012-12-09 14:58	--------	d-----w-	c:\program files\OpenOffice.org 3
2012-11-28 21:03 . 2012-11-28 21:03	--------	d-----w-	c:\users\Default\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 10:29 . 2010-10-26 12:59	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-13 10:28 . 2012-05-23 19:39	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-13 10:28 . 2011-12-29 12:15	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-27 21:33	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 13:39	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 13:39	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 13:39	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 13:39	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 13:39	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 13:39	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 13:39	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 13:39	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 13:39	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 13:39	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-16 13:39	78336	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files\PC Beschleunigen\PCSpeedUp.lnk" [2011-10-09 2389]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-30 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-12-16 19:27	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 31934381
*Deregistered* - 31934381
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 10:28]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Crawler Search - tbr:iemenu
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-16  21:17:30
ComboFix-quarantined-files.txt  2012-12-16 20:17
.
Vor Suchlauf: 4 Verzeichnis(se), 357.489.201.152 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 357.949.947.904 Bytes frei
.
- - End Of File - - 2D2BCBCF3CB9613123810F3CE35822E9
         
--- --- ---

Alt 16.12.2012, 20:22   #10
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



lade den CCleaner standard:
CCleaner Download - CCleaner 3.25.1872
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.12.2012, 20:35   #11
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Code:
ATTFilter
 Adobe AIR	Adobe Systems Incorporated	22.05.2012		2.7.1.19610 unbekannt
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.12.2012	6,00MB	10.3.183.43 notwendig	
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 notwendig
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	14.08.2012	169,0MB	10.1.4 notwendig
ALDI SÜD Mah Jong		15.12.2010		unnötig
Ashampoo Burning Studio	ashampoo GmbH & Co. KG	26.10.2010	130,5MB	9.23.0 unnötig
Ashampoo Photo Commander	ashampoo GmbH & Co. KG	26.10.2010	115,3MB	8.3.2 unnötig
Ashampoo Photo Optimizer	ashampoo GmbH & Co. KG	26.10.2010	37,1MB	3.12.0 unnötig
Ashampoo Snap	ashampoo GmbH & Co. KG	26.10.2010	29,8MB	3.4.1 unnötig
ATI Catalyst Install Manager	ATI Technologies, Inc.	25.10.2010	16,5MB	3.0.774.0 unbekannt
Avira Free Antivirus	Avira	13.11.2012	109,0MB	12.1.9.1236 notwendig
CCleaner	Piriform	07.04.2011		3.05 notwendig
CDBurnerXP	CDBurnerXP	17.12.2010	11,6MB	4.3.8.2474 unnötig
Cisco EAP-FAST Module	Cisco Systems, Inc.	26.10.2010	1,15MB	2.2.14 unbekannt
Cisco LEAP Module	Cisco Systems, Inc.	26.10.2010	0,48MB	1.0.19 unbekannt
Cisco PEAP Module	Cisco Systems, Inc.	26.10.2010	0,90MB	1.1.6 unbekannt
CorelDRAW Essentials 4	Corel Corporation	15.12.2010		unbekannt
CorelDRAW Essentials 4 - Windows Shell Extension	Corel Corporation	15.12.2010	2,93MB	unbekannt
Crawler Toolbar with Web Security Guard	Crawler, LLC	18.12.2010		unbekannt
CyberLink LabelPrint	CyberLink Corp.	26.10.2010	143,4MB	2.5.2602 unbekannt
CyberLink Power2Go	CyberLink Corp.	26.10.2010	104,8MB	6.1.3602c unbekannt
CyberLink PowerDVD Copy	CyberLink Corp.	26.10.2010	30,8MB	1.5.1306 unbekannt
CyberLink YouCam	CyberLink Corp.	26.10.2010	132,1MB	3.0.2626 unbekannt
Die Sims 2		03.03.2012		unnötig
Die Sims 2: Nightlife		06.03.2012	unnötig	
ESET Online Scanner v3		13.12.2012	notwendig	
Google Chrome	Google, Inc.	12.12.2012	30,7MB	65.61.49249 unnötig
Google Toolbar for Internet Explorer	Google Inc.	02.10.2012		7.4.3230.2052 unnötig
ICQ7.5	ICQ	23.07.2011		7.5 unnötig
Java(TM) 6 Update 37	Oracle	12.12.2012	97,9MB	6.0.370 unbekannt
JMicron Flash Media Controller Driver	JMicron Technology Corp.	15.12.2010		1.0.45.0 unbekannt
K11 - Kommissare im Einsatz	Sproing Interactive GmbH	26.12.2010		1.0 unnötig
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	13.12.2012	19,4MB	1.65.1.1000 notwendig
Maniac Mansion Deluxe		14.10.2012		unbekannt
Medion Home Cinema	CyberLink Corp.	26.10.2010	36,4MB	8.0.1505 unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.10.2010	38,8MB	4.0.30319 notwendig
Microsoft Office 2010	Microsoft Corporation	25.10.2010	6,31MB	14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	18.12.2010		14.0.4763.1000 unbekannt
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	08.01.2011		14.0.4763.1000 unbekannt
Microsoft PowerPoint Viewer	Microsoft Corporation	12.12.2012	227MB	14.0.6029.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	11.05.2012	199,9MB	4.1.10329.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	26.10.2010	1,70MB	3.1.0000 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.10.2010	0,25MB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.06.2011	0,29MB	8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	26.04.2011	0,58MB	9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	26.10.2010	0,23MB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.10.2010	0,58MB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	19.06.2011	0,59MB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.04.2012	16,5MB	10.0.40219 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.10.2010	1,35MB	4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	12.12.2012	1,48MB	4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	13.12.2012	1,53MB	4.30.2114.0 unbekannt
NVIDIA PhysX	NVIDIA Corporation	26.12.2010	119,9MB	9.09.0203 unbekannt
OpenOffice.org 3.4.1	Apache Software Foundation	08.12.2012	332MB	3.41.9593 notwendig
PlayReady PC Runtime x86	Microsoft Corporation	15.12.2010	1,65MB	1.3.0 unbekannt
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	04.09.2011		11.0.0.14 unbekannt
Realtek Ethernet Controller Driver For Windows 7	Realtek	26.10.2010		7.18.322.2010 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.12.2010		6.0.1.6132 unbekannt
REALTEK Wireless LAN Driver	REALTEK Semiconductor Corp.	26.10.2010		1.00.0148 unbekannt
RUNAWAY: A TWIST OF FATE	CRIMSON COW	24.10.2011		1.0 unnötig
Schlag den Raab	bitComposer Games GmbH	04.09.2011	679MB	unnötig
Secunia PSI (2.0.0.4003)	Secunia	22.05.2012	3,47MB	2.0.0.4003 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	26.10.2010	46,4MB	15.0.18.0 unbekannt
System Control Manager	Micro-Star International Co., Ltd.	26.10.2010		2.210.0719.M007.01 unbekannt
Uniblue RegistryBooster	Uniblue Systems Ltd	17.12.2010	16,8MB	unbekannt
Veetle TV 0.9.18	Veetle, Inc	14.02.2011		0.9.18 unnötig
Winamp	Nullsoft, Inc	12.12.2012		5.63 notwendig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	17.12.2010	63,00KB	1.0.0.1 unbekannt
Windows Live Essentials	Microsoft Corporation	27.10.2010		15.4.3502.0922 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	26.10.2010	5,58MB	15.4.5722.2 unbekannt
Windows Media Encoder 9 Series		26.10.2010	unbekannt	
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	08.10.2011		1.1 unbekannt
         

Alt 16.12.2012, 20:40   #12
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ALDI
Ashampoo : alle
CDBurnerXP
CorelDRAW : alle
Crawler
CyberLink : alle
Die Sims : beide
ESET : bei Bedarf instalieren.
Google : beide
ICQ7.5
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
K11
Maniac
Medion
RUNAWAY:
Schlag den Raab
Uniblue : finger weg von Registry tools, das Löschen dort, bringt nichts, und ist nur in sältenen Fällen nötig. es ist aber Gefährlich in der Registry rumzuspielen.
Veetle
Windows Live : alle, von dir nicht verwendeten.

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.12.2012, 21:49   #13
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Code:
ATTFilter
 # AdwCleaner v2.101 - Datei am 16/12/2012 um 22:47:32 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Jana\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1924 octets] - [16/12/2012 22:47:32]

########## EOF - C:\AdwCleaner[R1].txt - [1984 octets] ##########
         
mein internet explorer browser funktioniert nicht mehr richtig, ist das normal? musste jetzt über chrome online

Alt 17.12.2012, 10:15   #14
markusg
/// Malware-holic
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



hi



  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige
    jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die
    Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Starte neu.
Teste, wie der PC läuft, und Programme, wie zb Browser.
Teile mir mit, welche Probleme es gibt, falls es noch welche geben sollte.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.12.2012, 11:09   #15
Bene4
 
Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Standard

Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!



Code:
ATTFilter
 # AdwCleaner v2.101 - Datei am 17/12/2012 um 11:53:41 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Jana\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Jana\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2053 octets] - [16/12/2012 22:47:32]
AdwCleaner[S1].txt - [1617 octets] - [17/12/2012 11:53:41]

########## EOF - C:\AdwCleaner[S1].txt - [1677 octets] ##########
         
Der Internet Explorer läuft bei Seiten wie Facebook und Youtube nicht korrekt, die Seiten bauen sich nicht komplett auf und es dauert ziemlich lange und bei facebook tut sich nach einiger Zeit gar nichts mehr.
Chrome läuft dagegen einwandfrei und so schnell wie immer.

Kannst du mir sonst nen anderen Browser empfehlen? von chrome halte ich nämlich nich viel und iexplorer ist zu unsicher hab ich gehört.
Andere Programme wie Openoffice arbeiten korrekt.

Antwort

Themen zu Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!
administrator, adware, anti-malware, appdata, autostart, code, dateien, defender, downloader, entfernen, escan, eset, explorer, files, html/iframe.b.gen, malwarebytes, microsoft, online, onlinescan, scan, service, speicher, version, virus, win, windows



Ähnliche Themen: Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!


  1. Windows Vista Home Premium Service Pack 2 Win32/Bundled.Toolbar.Google.D und Variante von Win32/OpenCandy.C mit eset online scanner gefunden
    Log-Analyse und Auswertung - 16.10.2015 (9)
  2. Win 8.1 = Trojan.Generic.12552373, Win32.Adware.OpenCandy.C, Win32.Application.SysTwak.J
    Plagegeister aller Art und deren Bekämpfung - 13.09.2015 (12)
  3. GData meldet Win32.Adware.OpenCandy.C
    Log-Analyse und Auswertung - 25.12.2014 (5)
  4. Möglicherweise Win32:Evo-gen & HTML:Iframe-inf
    Plagegeister aller Art und deren Bekämpfung - 19.08.2014 (14)
  5. Windows 7 - WIN32.Application.lincury.B (EngineB) & PUP.Optional.OpenCandy gefunden
    Log-Analyse und Auswertung - 18.07.2014 (20)
  6. Not-a-Virus: Adware.win32.cydoor von Kaspersky auf externer Festplatte gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.01.2014 (3)
  7. Adware/win32/opencandy
    Log-Analyse und Auswertung - 07.01.2013 (7)
  8. HTML/Iframe.aho
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (13)
  9. 'HTML/IFrame.aho' [virus] in Datei C:\Users\Nana\AppData\Local\Mozilla\Firefox\Profiles\twl50o4s.de
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (9)
  10. html/iframe.b.gen virus BKA trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (13)
  11. Win32:Trojan-gen, Win32:Rootkit-gen, Win32:Adware-gen gefunden!
    Log-Analyse und Auswertung - 14.07.2008 (1)
  12. HTML/IFrame.ktf' [virus]
    Mülltonne - 14.07.2008 (0)
  13. HTML/IFrame.aaa.100
    Mülltonne - 17.01.2008 (0)
  14. Antivir Update funktioniert nicht (HTML/IFrame.Age.tih & HEUR/Exploit.HTML gefunden)
    Plagegeister aller Art und deren Bekämpfung - 05.12.2007 (1)
  15. iframe Virus schreibt sich in index.html Seiten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2007 (2)
  16. iframe Virus schreibt sich in index.html Seiten
    Plagegeister aller Art und deren Bekämpfung - 05.05.2007 (12)
  17. NOD32 hat Win32/Adware.UCmore und Win32/ServU-Daemon auf E: gefunden!
    Plagegeister aller Art und deren Bekämpfung - 18.04.2006 (7)

Zum Thema Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! - Hallo wurde von Windows Defender auf die Adware Win32/OpenCandy aufmerksam gemacht. Habe darauf hin einen Scan mit Malwarebytes durchgeführt und einen Eset Online Scan bei dem ein Threat gefunden wurde - Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!...
Archiv
Du betrachtest: Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.