| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.12.2012, 14:16
| #1 |
 |  Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Hallo wurde von Windows Defender auf die Adware Win32/OpenCandy aufmerksam gemacht. Habe darauf hin einen Scan mit Malwarebytes durchgeführt und einen Eset Online Scan bei dem ein Threat gefunden wurde (HTML/Iframe.B.Gen virus) Könnt ihr mir helfen diese beiden Sachen zu entfernen? Hier der Malwarebytes Log Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.14.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Jana :: JANA-PC [Administrator] 14.12.2012 09:18:33 mbam-log-2012-12-14 (09-18-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 333611 Laufzeit: 1 Stunde(n), 40 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und hier der ESET Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=7ca51145c8de36468f85c8d5d7ded3e9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-14 01:06:05
# local_time=2012-12-14 02:06:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 96942 101260849 88716 0
# compatibility_mode=5893 16776573 100 94 20705 107121556 0 0
# scanned=148821
# found=1
# cleaned=0
# scan_time=6433
C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CV9LCJIL\1market[1].htm HTML/Iframe.B.Gen virus (unable to clean) 342D4D7AD82762DAC1A764078539A69010DDDF6A I
|
|
14.12.2012, 14:30
| #2 |
| /// Malware-holic   | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Hi
__________________und, bekommen wir auch noch das Ergebniss des Microsoft Scanners bitte? sollte in den Details zu finden sein
__________________ |
|
16.12.2012, 13:38
| #3 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! hey, hab nochmal nen neuen scan mit dem defender gemacht und habe nach längerer Suche folgende Logs gefunden, hoffe einer von den beiden hilft euch weiter.
__________________Code:
ATTFilter Protokollname: Microsoft-Windows-Windows Defender/Operational
Quelle: Microsoft-Windows-Windows Defender
Datum: 16.12.2012 13:19:10
Ereignis-ID: 1006
Aufgabenkategorie:Keine
Ebene: Warnung
Schlüsselwörter:
Benutzer: SYSTEM
Computer: Jana-PC
Beschreibung:
Bei der Windows Defender-Überprüfung wurde Spyware oder mögliche unerwünschte Software entdeckt.
Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/OpenCandy&threatid=159633
Name:Adware:Win32/OpenCandy
ID:159633
Schweregrad:Mittel
Kategorie:Adware
Gefundener Pfad:containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;containerfile:C:\Users\Jana\Downloads\cdbxp_setup_4.3.8.2474.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21Wrapped.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppD
Feststellungstyp:Konkret
Feststellungsquelle:System
Status:Unbekannt
Benutzer:NT-AUTORITÄT\SYSTEM
Prozessname:
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-12-16T12:19:10.525413700Z" />
<EventRecordID>391</EventRecordID>
<Correlation />
<Execution ProcessID="5748" ThreadID="6032" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>Jana-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">6.1.7600.16385</Data>
<Data Name="Detection ID">{D08D2695-4F13-4FA7-BF7B-553470E18FDF}</Data>
<Data Name="Detection Source Index">2</Data>
<Data Name="Detection Source">%%820</Data>
<Data Name="Unused">
</Data>
<Data Name="Process Name">
</Data>
<Data Name="Domain">NT-AUTORITÄT</Data>
<Data Name="User">SYSTEM</Data>
<Data Name="SID">S-1-5-18</Data>
<Data Name="Threat Name">Adware:Win32/OpenCandy</Data>
<Data Name="Threat ID">159633</Data>
<Data Name="Severity ID">2</Data>
<Data Name="Category ID">1</Data>
<Data Name="FWLink">hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/OpenCandy&threatid=159633</Data>
<Data Name="Path Found">containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;containerfile:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;containerfile:C:\Users\Jana\Downloads\cdbxp_setup_4.3.8.2474.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\1F6356C6D0F046AB93D0A3BD80DBF5A3\registrybooster21Wrapped.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_1F6356C6D0F046AB93D0A3BD80DBF5A3\DLMgr3WrapperUniBlue.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe;file:C:\Users\Jana\AppData\Roaming\OpenCandy\OpenCandy_4A7764BD9DAA4183B31359CD845F65F9\DLMgr_3_1.6.87.exe->(nsis-3-OCSetupHlp.dll);file:C:\Users\Jana\AppD</Data>
<Data Name="Unused2">
</Data>
<Data Name="Unused3">
</Data>
<Data Name="Execution Status Index">0</Data>
<Data Name="Execution Status">%%812</Data>
<Data Name="Detection Type Index">0</Data>
<Data Name="Detection Type">%%822</Data>
<Data Name="Unused4">
</Data>
<Data Name="Unused5">
</Data>
<Data Name="Severity Name">Mittel</Data>
<Data Name="Category Name">Adware</Data>
</EventData>
</Event>
Zweiter Log: Code:
ATTFilter Protokollname: Microsoft-Windows-Windows Defender/Operational
Quelle: Microsoft-Windows-Windows Defender
Datum: 16.12.2012 13:19:10
Ereignis-ID: 1001
Aufgabenkategorie:Keine
Ebene: Informationen
Schlüsselwörter:
Benutzer: SYSTEM
Computer: Jana-PC
Beschreibung:
Die Windows Defender-Überprüfung wurde fertig gestellt.
Überprüfungs-ID:{50CF1AE1-6E80-44ED-8A57-C0269ED58911}
Überprüfungstyp:AntiSpyware
Überprüfungsparameter:Vollständiger Scan
Benutzer:Jana-PC\Jana
Überprüfungszeit:1:54:56
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
<EventID>1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-12-16T12:19:10.525413700Z" />
<EventRecordID>392</EventRecordID>
<Correlation />
<Execution ProcessID="5748" ThreadID="6032" />
<Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
<Computer>Jana-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Product Name">%%827</Data>
<Data Name="Product Version">6.1.7600.16385</Data>
<Data Name="Scan ID">{50CF1AE1-6E80-44ED-8A57-C0269ED58911}</Data>
<Data Name="Scan Type Index">2</Data>
<Data Name="Scan Type">%%801</Data>
<Data Name="Scan Parameters Index">2</Data>
<Data Name="Scan Parameters">%%805</Data>
<Data Name="Domain">Jana-PC</Data>
<Data Name="User">Jana</Data>
<Data Name="SID">S-1-5-21-708478002-281803654-409329748-1000</Data>
<Data Name="Scan Time Hours">1</Data>
<Data Name="Scan Time Minutes">54</Data>
<Data Name="Scan Time Seconds">56</Data>
</EventData>
</Event>
|
|
16.12.2012, 17:21
| #4 |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Hi, Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 20:28
| #5 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! OTL.txt : OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.12.2012 20:09:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,16% Memory free 6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 332,48 Gb Free Space | 78,29% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.16 20:06:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Downloads\OTL.exe PRC - [2012.12.13 11:28:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.08.12 13:00:06 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.10 15:24:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.10 15:24:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 15:24:16 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2011.10.14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.07.30 21:30:00 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.07.30 21:29:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.07.19 12:59:02 | 002,482,176 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2009.11.02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MSIService.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.11.18 13:45:48 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012.11.18 13:45:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.18 13:45:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.18 13:44:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.18 13:44:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.18 13:44:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.18 13:44:28 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.18 13:44:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.26 15:58:38 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010.10.26 15:58:38 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3863.37611__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.10.26 15:58:38 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3863.37669__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.10.26 15:58:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3863.37704__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3863.37728__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3863.37653__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3863.37701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.10.26 15:58:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll MOD - [2010.10.26 15:58:38 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 001,298,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3863.37730__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3863.37656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3863.37633__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.10.26 15:58:37 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3863.37650__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010.10.26 15:58:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010.10.26 15:58:37 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.10.26 15:58:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3863.37600__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.10.26 15:58:37 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3863.37602__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.10.26 15:58:37 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3863.37605__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.10.26 15:58:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.10.26 15:58:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3863.37602__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.10.26 15:58:37 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.10.26 15:58:37 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3863.37701__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3863.37604__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3863.37708__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3863.37610__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.10.26 15:58:37 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.10.26 15:58:36 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3863.37604__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3863.37601__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.10.26 15:58:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3863.37646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.10.26 15:58:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3863.37697__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.10.26 15:58:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3863.37610__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3863.37602__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.10.26 15:58:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.10.26 15:58:36 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3863.37703__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.10.26 15:58:36 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3863.37602__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.10.26 15:58:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3863.37610__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.10.26 15:58:36 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.10.26 15:58:36 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.10.26 15:58:35 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3863.37616__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.10.26 15:58:35 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3863.37728__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010.10.26 15:58:35 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3863.37692__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.10.26 15:58:35 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.10.26 15:58:35 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3863.37697__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.10.26 15:58:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3863.37695__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.10.26 15:58:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3863.37608__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.10.26 15:58:35 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3863.37609__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.10.26 15:58:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.10.26 15:58:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3863.37709__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.10.26 15:58:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.10.26 15:58:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3863.37614__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.10.26 15:58:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3863.37603__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.10.26 15:58:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.10.26 15:58:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3863.37604__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.10.26 15:58:35 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3863.37697__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.10.26 15:58:35 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.10.26 15:58:35 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3863.37615__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.10.26 15:58:35 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3863.37631__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.10.26 15:58:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3863.37608__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.10.26 15:58:35 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3863.37606__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.10.26 15:58:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3863.37608__90ba9c70f846762e\APM.Server.dll MOD - [2010.10.26 15:58:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3863.37607__90ba9c70f846762e\AEM.Server.dll MOD - [2009.11.02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2012.12.13 11:28:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.10 15:24:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.10 15:24:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.07.30 21:29:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.05.10 15:24:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.10 15:24:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.08.16 05:41:00 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.07.30 23:40:00 | 005,552,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.07.30 20:56:00 | 000,176,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2010.04.29 04:43:00 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.09 21:03:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com) IE - HKCU\..\SearchScopes,DefaultScope = {3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37} IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452 IE - HKCU\..\SearchScopes\{3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE411 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135951BA-ECD3-423F-BA85-ACB7B4E98D4E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Virenbekämpfung [2012.12.14 12:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.12.14 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes [2012.12.14 09:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.14 09:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.14 09:16:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.14 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.13 11:35:41 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\WindowsUpdate [2012.12.13 11:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.12.13 11:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.12.10 22:26:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.12.09 16:00:58 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org [2012.12.09 16:00:30 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.12.09 15:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2012.12.09 15:57:16 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.16 20:13:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.16 20:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.16 20:08:23 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 20:08:23 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 20:02:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.16 20:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.16 20:00:43 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 11:33:30 | 000,317,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.13 11:19:25 | 000,002,252 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.13 11:10:07 | 000,000,816 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.12.10 22:32:47 | 000,082,857 | ---- | M] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.pdf [2012.12.10 22:31:54 | 000,224,848 | ---- | M] () -- C:\Users\Jana\Documents\referat.xps [2012.12.10 22:31:03 | 000,021,553 | ---- | M] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.odt [2012.12.09 16:00:30 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.13 11:28:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.13 11:10:07 | 000,000,816 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.12.10 22:32:45 | 000,082,857 | ---- | C] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.pdf [2012.12.10 22:31:52 | 000,224,848 | ---- | C] () -- C:\Users\Jana\Documents\referat.xps [2012.12.09 19:33:46 | 000,021,553 | ---- | C] () -- C:\Users\Jana\Desktop\Herzinsuffizienz.odt [2012.12.09 16:00:30 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2011.10.09 18:56:42 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.10.09 18:56:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.10.01 12:11:34 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.10 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Ashampoo [2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\BullGuard [2010.12.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Canneverbe Limited [2010.12.18 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012.06.25 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ [2011.10.09 11:48:21 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenCandy [2012.12.09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org [2011.09.05 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ProtectDISC [2012.12.09 21:34:55 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\SoftGrid Client [2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Software Inspection Library [2011.01.09 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TP [2010.12.20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.18 17:32:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.14 12:16:31 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.14 09:16:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Programme [2010.12.16 20:26:38 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.16 20:11:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.16 20:30:02 | 000,000,000 | R--D | M] -- C:\Users [2012.12.14 09:15:25 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 05:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.12.16 20:27:00 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.12.16 20:27:01 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.12.13 11:28:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2010.07.30 21:30:00 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.12.16 20:13:10 | 002,097,152 | -HS- | M] () -- C:\Users\Jana\ntuser.dat [2012.12.16 20:13:10 | 000,262,144 | -HS- | M] () -- C:\Users\Jana\ntuser.dat.LOG1 [2010.12.16 20:30:03 | 000,000,000 | -HS- | M] () -- C:\Users\Jana\ntuser.dat.LOG2 [2010.12.16 20:37:06 | 000,065,536 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.12.16 20:37:05 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.12.16 20:37:06 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011.03.23 20:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TM.blf [2011.03.23 20:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TMContainer00000000000000000001.regtrans-ms [2011.03.23 20:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Jana\ntuser.dat{74bd4ef3-557c-11e0-a6b9-406186af320b}.TMContainer00000000000000000002.regtrans-ms [2010.12.16 20:30:03 | 000,000,020 | -HS- | M] () -- C:\Users\Jana\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.12.2012 20:09:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,16% Memory free
6,00 Gb Paging File | 4,99 Gb Available in Paging File | 83,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 332,48 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6CE194-0645-4A63-836A-F91A40E390D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F7B411E-AC8B-470C-9C6D-48F34F4825E6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1CD79DF9-AC8B-4A0D-A297-E92156824FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E1EC31C-EEDC-437D-B506-C16E3823A82A}" = rport=445 | protocol=6 | dir=out | app=system |
"{351F5236-E872-4D3F-932A-169E2E8586D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{3FB8ABF8-EC6F-4248-9C62-96B1006A159C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{423F9A24-F8B6-47A9-AFAD-B831C943044A}" = lport=139 | protocol=6 | dir=in | app=system |
"{4914306A-230B-4106-A706-D8CB1DB7A217}" = rport=139 | protocol=6 | dir=out | app=system |
"{4DF1C278-CC14-4774-9751-7588F05BE392}" = lport=137 | protocol=17 | dir=in | app=system |
"{50CD42F3-0EF8-4A6B-AE2F-7CA0EFB2D3A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FCB4CA0-4234-4B05-8D98-451B081C133E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6121F529-688C-41FE-938B-B7550849903D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6143580E-3058-4523-9030-9DDE3802C068}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68C52244-5C69-4F10-863F-99E97BF3238A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{767B55A6-230D-4A19-88B7-80B33A862EB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B31E753-28D3-4761-9141-C6C05A4CA791}" = rport=137 | protocol=17 | dir=out | app=system |
"{8241324F-F441-4514-913B-1B67F89FEB61}" = lport=445 | protocol=6 | dir=in | app=system |
"{947A350F-954F-4265-8CB9-AC957CF06DEE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BC90078-1291-4C5A-8F01-21A0DDC37774}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAA383F5-8D1A-457C-8C9F-AF79B7FEFAB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2F4212B-43C4-49FA-9520-857BF95F2C3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99AE337-76D4-47E9-B11A-F81D6BCB79A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{CA194E91-D0D0-4297-9525-ADE3BE9B3FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DB0D51F8-0074-466E-90EC-834C47C5CB48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DB640436-E021-4F38-A740-AC3D8930CFA9}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2770F54A-1E69-423A-BE52-767927465819}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2DF59073-7682-464C-895D-750B61FC3FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3121CB5C-8167-45CB-A9A9-E5CEE6C7B533}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{327C36DF-86ED-4644-9DAC-F86264C4A99A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4561DB4B-9A31-4FE9-A835-F355E626F542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{568D06AE-D575-4AC9-B8E9-684DD6D93E60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{61E0FB1F-5983-4F5A-95E2-603D55A8F26A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6B3123D4-784B-485A-B21A-047A26F6F51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C059CCA-6CA1-45B9-B5C0-149D4A332E27}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7025881C-7EF7-4B3C-86B3-2ADE4A707829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7323CA0E-109D-4FA0-857E-02BCC68464C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{819845A6-F072-4D6C-96AE-D3529B124497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91D3F860-D7EE-4C38-B9F0-BA06B91CE6A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{934E815B-532D-4C81-A9BF-B37005F23E84}" = protocol=6 | dir=out | app=system |
"{9C2AC083-BDBD-49CC-B63D-0D7B2F8D624D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A43DA7E3-2C8B-4FAA-A9F7-C259338A1081}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C20FF8B2-51E1-49D4-A98D-B904587D085B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D402182D-AFCC-4740-947E-71ABCA6008E9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{DAB5A0B8-C46F-4CBC-A02B-8412EA5BD114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1B98BA6-2EF8-4765-BA3F-AF966A255251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3E4ED30-0E1F-464A-8C64-433EFA0FBF06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC3B3B34-6C50-4321-AD2B-4261CD146125}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F57CC324-E07C-4632-BC66-D9D260C93BB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9C518A45-73C5-4B07-A373-4BC20D3B40C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0D79C77-5BAD-4F05-B533-7810473C0F91}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{1E0C7B42-CBC7-46FE-8C81-B38499D7A63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2EEAFDFE-82F4-4D09-A1EE-CD5E7082EB9D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{040E8987-3C5C-EEE9-7C3C-1A25D5EFE21E}" = Catalyst Control Center Graphics Light
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{12A58E1A-7B5F-6CC8-A299-C9896DCD7982}" = CCC Help Italian
"{142C7D29-6031-806E-C3F5-9053594EF332}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BCE0E72-5BE9-150F-04B8-75C1C67E01EB}" = CCC Help Chinese Traditional
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FDDD2DF-4EDD-BDBB-483D-8DBF60DA5BAB}" = CCC Help Finnish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{275C93C7-5FE4-3157-D289-AADD3E973B75}" = CCC Help Korean
"{28C40108-8E43-7BFB-C9DF-06C8E183323A}" = Catalyst Control Center Graphics Previews Common
"{2E03C934-17D0-D1F7-0631-8EB7DDB7B8D5}" = CCC Help Thai
"{2EA73859-A140-04D7-136C-6B29704CC796}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E294C-A62C-3459-BAA0-B6AAD8E83460}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{435AD583-AFB5-03A8-7F65-721327D6BB11}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F007121-E30C-09A3-E548-ED75161611E3}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{656A4D8E-9DFA-813E-541E-C047B130D58F}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76690645-425D-59BF-6CA7-CBA3D68C159F}" = Catalyst Control Center Localization All
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF57B88-28DF-D7AA-A9A5-01D535C8023D}" = CCC Help Spanish
"{8B4C0BC1-67A3-6CA9-123B-992DCF14C5AF}" = Catalyst Control Center Graphics Full Existing
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DA00A19-9AB2-2724-36CD-5094EC6F4A45}" = Catalyst Control Center InstallProxy
"{8DBF1BC7-E29D-EF2A-3EAD-98D70C4F6C5B}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{923D47BD-3BE2-1B83-B9FD-9189FD4474AB}" = CCC Help Dutch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94DCFB3E-015B-C9B4-763B-D07329E89A6D}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A39B0352-24A9-5D58-E272-91218BC8A51E}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9139E41-8969-54D1-AF85-D30E8DFF50FE}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BF3C0386-BADC-F3DF-25A5-435B10852B13}" = CCC Help French
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CBC9CF44-0F09-42EC-6BB0-44AC5C413BCE}" = CCC Help Turkish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0A5043-8744-A076-9515-AD6B4421152B}" = Catalyst Control Center Graphics Previews Vista
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CFA1A443-F2D9-097D-4CE3-D965A2178B32}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D776CF6B-93A2-DEFC-3B80-431CB59B3E76}" = CCC Help Czech
"{D7E49254-D6DD-0175-7409-F8DC8B5C1749}" = ccc-utility
"{DAAACF3B-7EFF-6A05-E2CF-2581F8B2B1B1}" = CCC Help Chinese Standard
"{DB3E28FF-969F-0C82-8C24-893823FCC203}" = CCC Help Japanese
"{DCE271F2-588E-F0B5-F0BE-7621BBAB1B6A}" = CCC Help German
"{DD70AAF2-66CA-7BDE-CF7D-AA814A8B939E}" = Catalyst Control Center Graphics Full New
"{DE656F94-4E2A-66AA-DEEA-07638647690D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"K11" = K11 - Kommissare im Einsatz
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RUNAWAY: A TWIST OF FATE (de)" = RUNAWAY: A TWIST OF FATE
"Schlag den Raab_is1" = Schlag den Raab
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.10.2011 10:43:54 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm RATOF.exe, Version 1.0.0.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 794 Startzeit:
01cc94b688a6a3fc Endzeit: 11 Anwendungspfad: C:\Program Files\CRIMSON COW\RUNAWAY
- A TWIST OF FATE\RATOF.exe Berichts-ID:
Error - 27.10.2011 11:42:01 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
0x4ae04a08 Name des fehlerhaften Moduls: RATOF.exe, Version: 1.0.0.1, Zeitstempel:
0x4ae04a08 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005921c ID des fehlerhaften Prozesses:
0x12b0 Startzeit der fehlerhaften Anwendung: 0x01cc94b6e1d379a4 Pfad der fehlerhaften
Anwendung: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe Pfad
des fehlerhaften Moduls: C:\Program Files\CRIMSON COW\RUNAWAY - A TWIST OF FATE\RATOF.exe
Berichtskennung:
35ffac8b-00b2-11e1-8eaf-406186af320b
Error - 28.10.2011 11:49:09 | Computer Name = Jana-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
Google Software Updater since QueryServiceConfig API failed System Error: Das System
kann die angegebene Datei nicht finden. .
Error - 13.11.2011 07:38:04 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9b0 Startzeit: 01cca1f89eb9994c Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 20.11.2011 10:16:31 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 115c Startzeit: 01cca78e0c6d3a76 Endzeit: 20 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 15.12.2011 16:19:35 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht.
Error - 23.12.2011 08:07:35 | Computer Name = Jana-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 124c Startzeit: 01ccc166211ad5a6 Endzeit: 30 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 24.12.2011 08:45:50 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xc000000d
ID
des fehlerhaften Prozesses: 0x3ec Startzeit der fehlerhaften Anwendung: 0x01ccc239e992d52a
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 34d9709c-2e2d-11e1-a637-406186af320b
Error - 30.12.2011 11:32:41 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
werden.
Error - 04.01.2012 07:54:17 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: SSCORE.DLL,
Version: 6.1.7601.17514, Zeitstempel: 0x4ce795a6 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00001513 ID des fehlerhaften Prozesses: 0x3f0 Startzeit der fehlerhaften Anwendung:
0x01cccad78730633f Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL Berichtskennung: d3db0d29-36ca-11e1-bc34-406186af320b
[ System Events ]
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 27.11.2012 17:25:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 27.11.2012 17:26:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 27.11.2012 17:27:41 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 06.12.2012 07:28:40 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 06.12.2012 07:33:42 | Computer Name = Jana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.141.1048.0)
Error - 13.12.2012 06:19:37 | Computer Name = Jana-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.141.1573.0)
< End of report >
|
|
16.12.2012, 20:35
| #6 |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! |
|
16.12.2012, 20:42
| #7 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! TDSSKiller Log: Code:
ATTFilter 20:39:08.0392 4804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:39:08.0548 4804 ============================================================
20:39:08.0548 4804 Current date / time: 2012/12/16 20:39:08.0548
20:39:08.0548 4804 SystemInfo:
20:39:08.0548 4804
20:39:08.0564 4804 OS Version: 6.1.7601 ServicePack: 1.0
20:39:08.0564 4804 Product type: Workstation
20:39:08.0564 4804 ComputerName: JANA-PC
20:39:08.0564 4804 UserName: Jana
20:39:08.0564 4804 Windows directory: C:\Windows
20:39:08.0564 4804 System windows directory: C:\Windows
20:39:08.0564 4804 Processor architecture: Intel x86
20:39:08.0564 4804 Number of processors: 2
20:39:08.0564 4804 Page size: 0x1000
20:39:08.0564 4804 Boot type: Normal boot
20:39:08.0564 4804 ============================================================
20:39:09.0734 4804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:39:09.0734 4804 ============================================================
20:39:09.0734 4804 \Device\Harddisk0\DR0:
20:39:09.0734 4804 MBR partitions:
20:39:09.0734 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:39:09.0734 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
20:39:09.0734 4804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
20:39:09.0734 4804 ============================================================
20:39:09.0765 4804 C: <-> \Device\Harddisk0\DR0\Partition2
20:39:09.0812 4804 D: <-> \Device\Harddisk0\DR0\Partition3
20:39:09.0812 4804 ============================================================
20:39:09.0812 4804 Initialize success
20:39:09.0812 4804 ============================================================
20:40:19.0591 5416 ============================================================
20:40:19.0591 5416 Scan started
20:40:19.0591 5416 Mode: Manual; SigCheck; TDLFS;
20:40:19.0591 5416 ============================================================
20:40:21.0385 5416 ================ Scan system memory ========================
20:40:21.0385 5416 System memory - ok
20:40:21.0385 5416 ================ Scan services =============================
20:40:21.0541 5416 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:40:21.0634 5416 1394ohci - ok
20:40:21.0697 5416 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
20:40:21.0728 5416 acedrv11 - ok
20:40:21.0759 5416 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:40:21.0775 5416 ACPI - ok
20:40:21.0822 5416 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:40:21.0884 5416 AcpiPmi - ok
20:40:21.0993 5416 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:40:22.0024 5416 AdobeARMservice - ok
20:40:22.0134 5416 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:40:22.0165 5416 AdobeFlashPlayerUpdateSvc - ok
20:40:22.0212 5416 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:40:22.0227 5416 adp94xx - ok
20:40:22.0243 5416 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:40:22.0258 5416 adpahci - ok
20:40:22.0274 5416 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:40:22.0290 5416 adpu320 - ok
20:40:22.0321 5416 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:40:22.0336 5416 AeLookupSvc - ok
20:40:22.0383 5416 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:40:22.0446 5416 AFD - ok
20:40:22.0492 5416 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:40:22.0524 5416 agp440 - ok
20:40:22.0586 5416 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:40:22.0617 5416 aic78xx - ok
20:40:22.0680 5416 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:40:22.0742 5416 ALG - ok
20:40:22.0820 5416 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:40:22.0851 5416 aliide - ok
20:40:22.0882 5416 [ 57470ED01EF69E113C10F5520D3F60A4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:40:22.0945 5416 AMD External Events Utility - ok
20:40:22.0960 5416 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:40:22.0976 5416 amdagp - ok
20:40:23.0007 5416 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:40:23.0023 5416 amdide - ok
20:40:23.0054 5416 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:40:23.0085 5416 AmdK8 - ok
20:40:23.0241 5416 [ 10F568F7B5B0D3748259187168F56386 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:40:23.0382 5416 amdkmdag - ok
20:40:23.0491 5416 [ 0C3B556EE8DE7983A3C1BE6334926329 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:40:23.0569 5416 amdkmdap - ok
20:40:23.0740 5416 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:40:23.0787 5416 AmdPPM - ok
20:40:23.0818 5416 [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
20:40:23.0834 5416 amdsata - ok
20:40:23.0865 5416 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:40:23.0881 5416 amdsbs - ok
20:40:23.0896 5416 [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
20:40:23.0912 5416 amdxata - ok
20:40:23.0974 5416 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:40:23.0990 5416 AntiVirSchedulerService - ok
20:40:24.0068 5416 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:40:24.0099 5416 AntiVirService - ok
20:40:24.0146 5416 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:40:24.0255 5416 AppID - ok
20:40:24.0286 5416 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:40:24.0333 5416 AppIDSvc - ok
20:40:24.0364 5416 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:40:24.0411 5416 Appinfo - ok
20:40:24.0442 5416 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:40:24.0458 5416 arc - ok
20:40:24.0474 5416 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:40:24.0489 5416 arcsas - ok
20:40:24.0520 5416 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:40:24.0598 5416 AsyncMac - ok
20:40:24.0661 5416 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:40:24.0692 5416 atapi - ok
20:40:24.0739 5416 [ 35207458C90F55C61247DE139A6A243A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
20:40:24.0754 5416 AtiHDAudioService - ok
20:40:24.0817 5416 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
20:40:24.0848 5416 AtiPcie - ok
20:40:24.0926 5416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:40:25.0004 5416 AudioEndpointBuilder - ok
20:40:25.0035 5416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:40:25.0066 5416 Audiosrv - ok
20:40:25.0144 5416 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:40:25.0176 5416 avgntflt - ok
20:40:25.0207 5416 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:40:25.0238 5416 avipbb - ok
20:40:25.0269 5416 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:40:25.0285 5416 avkmgr - ok
20:40:25.0332 5416 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:40:25.0378 5416 AxInstSV - ok
20:40:25.0410 5416 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:40:25.0441 5416 b06bdrv - ok
20:40:25.0472 5416 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:40:25.0503 5416 b57nd60x - ok
20:40:25.0534 5416 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:40:25.0566 5416 BDESVC - ok
20:40:25.0597 5416 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:40:25.0644 5416 Beep - ok
20:40:25.0722 5416 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:40:25.0768 5416 BFE - ok
20:40:25.0800 5416 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
20:40:25.0862 5416 BITS - ok
20:40:25.0878 5416 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:40:25.0909 5416 blbdrive - ok
20:40:25.0956 5416 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:40:26.0002 5416 bowser - ok
20:40:26.0018 5416 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:40:26.0096 5416 BrFiltLo - ok
20:40:26.0112 5416 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:40:26.0143 5416 BrFiltUp - ok
20:40:26.0190 5416 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:40:26.0236 5416 Browser - ok
20:40:26.0268 5416 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:40:26.0299 5416 Brserid - ok
20:40:26.0330 5416 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:40:26.0361 5416 BrSerWdm - ok
20:40:26.0392 5416 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:40:26.0408 5416 BrUsbMdm - ok
20:40:26.0439 5416 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:40:26.0486 5416 BrUsbSer - ok
20:40:26.0502 5416 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:40:26.0564 5416 BTHMODEM - ok
20:40:26.0595 5416 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:40:26.0626 5416 bthserv - ok
20:40:26.0658 5416 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:40:26.0704 5416 cdfs - ok
20:40:26.0767 5416 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:40:26.0798 5416 cdrom - ok
20:40:26.0845 5416 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:40:26.0907 5416 CertPropSvc - ok
20:40:26.0923 5416 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:40:26.0938 5416 circlass - ok
20:40:26.0970 5416 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:40:26.0985 5416 CLFS - ok
20:40:27.0048 5416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:40:27.0063 5416 clr_optimization_v2.0.50727_32 - ok
20:40:27.0110 5416 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:40:27.0141 5416 clr_optimization_v4.0.30319_32 - ok
20:40:27.0172 5416 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:40:27.0172 5416 CmBatt - ok
20:40:27.0188 5416 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:40:27.0204 5416 cmdide - ok
20:40:27.0250 5416 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
20:40:27.0297 5416 CNG - ok
20:40:27.0328 5416 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:40:27.0328 5416 Compbatt - ok
20:40:27.0375 5416 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:40:27.0422 5416 CompositeBus - ok
20:40:27.0438 5416 COMSysApp - ok
20:40:27.0469 5416 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:40:27.0484 5416 crcdisk - ok
20:40:27.0531 5416 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:40:27.0562 5416 CryptSvc - ok
20:40:27.0656 5416 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:40:27.0687 5416 cvhsvc - ok
20:40:27.0734 5416 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:40:27.0781 5416 DcomLaunch - ok
20:40:27.0796 5416 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:40:27.0843 5416 defragsvc - ok
20:40:27.0906 5416 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:40:27.0968 5416 DfsC - ok
20:40:28.0015 5416 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:40:28.0062 5416 Dhcp - ok
20:40:28.0077 5416 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:40:28.0124 5416 discache - ok
20:40:28.0171 5416 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:40:28.0186 5416 Disk - ok
20:40:28.0218 5416 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:40:28.0249 5416 Dnscache - ok
20:40:28.0296 5416 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:40:28.0358 5416 dot3svc - ok
20:40:28.0405 5416 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:40:28.0467 5416 DPS - ok
20:40:28.0498 5416 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:40:28.0514 5416 drmkaud - ok
20:40:28.0561 5416 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:40:28.0592 5416 DXGKrnl - ok
20:40:28.0608 5416 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:40:28.0654 5416 EapHost - ok
20:40:28.0748 5416 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:40:28.0810 5416 ebdrv - ok
20:40:28.0857 5416 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:40:28.0920 5416 EFS - ok
20:40:29.0091 5416 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:40:29.0154 5416 ehRecvr - ok
20:40:29.0216 5416 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:40:29.0388 5416 ehSched - ok
20:40:29.0434 5416 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:40:29.0450 5416 elxstor - ok
20:40:29.0481 5416 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:40:29.0512 5416 ErrDev - ok
20:40:29.0544 5416 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:40:29.0622 5416 EventSystem - ok
20:40:29.0653 5416 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:40:29.0700 5416 exfat - ok
20:40:29.0715 5416 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:40:29.0746 5416 fastfat - ok
20:40:29.0809 5416 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:40:29.0840 5416 Fax - ok
20:40:29.0871 5416 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:40:29.0887 5416 fdc - ok
20:40:29.0902 5416 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:40:29.0934 5416 fdPHost - ok
20:40:29.0949 5416 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:40:29.0996 5416 FDResPub - ok
20:40:30.0027 5416 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:40:30.0043 5416 FileInfo - ok
20:40:30.0058 5416 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:40:30.0090 5416 Filetrace - ok
20:40:30.0121 5416 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:40:30.0168 5416 flpydisk - ok
20:40:30.0199 5416 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:40:30.0199 5416 FltMgr - ok
20:40:30.0246 5416 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:40:30.0292 5416 FontCache - ok
20:40:30.0339 5416 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:40:30.0355 5416 FontCache3.0.0.0 - ok
20:40:30.0370 5416 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:40:30.0386 5416 FsDepends - ok
20:40:30.0402 5416 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:40:30.0417 5416 Fs_Rec - ok
20:40:30.0464 5416 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:40:30.0480 5416 fvevol - ok
20:40:30.0526 5416 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:40:30.0526 5416 gagp30kx - ok
20:40:30.0573 5416 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:40:30.0620 5416 gpsvc - ok
20:40:30.0682 5416 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:30.0714 5416 gupdate - ok
20:40:30.0760 5416 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:40:30.0776 5416 gupdatem - ok
20:40:30.0838 5416 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:40:30.0854 5416 gusvc - ok
20:40:30.0870 5416 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:40:30.0901 5416 hcw85cir - ok
20:40:30.0932 5416 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:40:30.0948 5416 HdAudAddService - ok
20:40:30.0979 5416 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:40:31.0010 5416 HDAudBus - ok
20:40:31.0026 5416 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:40:31.0057 5416 HidBatt - ok
20:40:31.0088 5416 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:40:31.0104 5416 HidBth - ok
20:40:31.0119 5416 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:40:31.0150 5416 HidIr - ok
20:40:31.0182 5416 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:40:31.0260 5416 hidserv - ok
20:40:31.0306 5416 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:40:31.0322 5416 HidUsb - ok
20:40:31.0369 5416 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:40:31.0416 5416 hkmsvc - ok
20:40:31.0431 5416 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:40:31.0462 5416 HomeGroupListener - ok
20:40:31.0509 5416 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:40:31.0556 5416 HomeGroupProvider - ok
20:40:31.0587 5416 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:40:31.0603 5416 HpSAMD - ok
20:40:31.0665 5416 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:40:31.0696 5416 HTTP - ok
20:40:31.0728 5416 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:40:31.0728 5416 hwpolicy - ok
20:40:31.0759 5416 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:40:31.0806 5416 i8042prt - ok
20:40:31.0837 5416 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:40:31.0868 5416 iaStorV - ok
20:40:31.0930 5416 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:40:31.0977 5416 idsvc - ok
20:40:32.0008 5416 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:40:32.0024 5416 iirsp - ok
20:40:32.0086 5416 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:40:32.0133 5416 IKEEXT - ok
20:40:32.0258 5416 [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:40:32.0320 5416 IntcAzAudAddService - ok
20:40:32.0352 5416 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:40:32.0383 5416 intelide - ok
20:40:32.0414 5416 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:40:32.0461 5416 intelppm - ok
20:40:32.0508 5416 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:40:32.0570 5416 IPBusEnum - ok
20:40:32.0617 5416 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:40:32.0664 5416 IpFilterDriver - ok
20:40:32.0710 5416 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:40:32.0742 5416 iphlpsvc - ok
20:40:32.0773 5416 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:40:32.0788 5416 IPMIDRV - ok
20:40:32.0820 5416 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:40:32.0851 5416 IPNAT - ok
20:40:32.0866 5416 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:40:32.0882 5416 IRENUM - ok
20:40:32.0913 5416 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:40:32.0929 5416 isapnp - ok
20:40:32.0960 5416 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:40:32.0976 5416 iScsiPrt - ok
20:40:33.0007 5416 [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
20:40:33.0022 5416 JMCR - ok
20:40:33.0038 5416 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:40:33.0054 5416 kbdclass - ok
20:40:33.0100 5416 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:40:33.0116 5416 kbdhid - ok
20:40:33.0132 5416 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:40:33.0147 5416 KeyIso - ok
20:40:33.0178 5416 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:40:33.0194 5416 KSecDD - ok
20:40:33.0225 5416 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:40:33.0241 5416 KSecPkg - ok
20:40:33.0256 5416 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:40:33.0288 5416 KtmRm - ok
20:40:33.0319 5416 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:40:33.0366 5416 LanmanServer - ok
20:40:33.0381 5416 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:40:33.0428 5416 LanmanWorkstation - ok
20:40:33.0459 5416 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:40:33.0490 5416 lltdio - ok
20:40:33.0522 5416 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:40:33.0568 5416 lltdsvc - ok
20:40:33.0568 5416 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:40:33.0600 5416 lmhosts - ok
20:40:33.0631 5416 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:40:33.0631 5416 LSI_FC - ok
20:40:33.0662 5416 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:40:33.0678 5416 LSI_SAS - ok
20:40:33.0678 5416 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:40:33.0693 5416 LSI_SAS2 - ok
20:40:33.0724 5416 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:40:33.0724 5416 LSI_SCSI - ok
20:40:33.0756 5416 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:40:33.0787 5416 luafv - ok
20:40:33.0834 5416 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:40:33.0865 5416 Mcx2Svc - ok
20:40:33.0880 5416 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:40:33.0896 5416 megasas - ok
20:40:33.0943 5416 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:40:33.0958 5416 MegaSR - ok
20:40:34.0005 5416 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
20:40:34.0021 5416 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
20:40:34.0021 5416 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
20:40:34.0068 5416 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:40:34.0114 5416 MMCSS - ok
20:40:34.0146 5416 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:40:34.0177 5416 Modem - ok
20:40:34.0208 5416 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:40:34.0224 5416 monitor - ok
20:40:34.0270 5416 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:40:34.0302 5416 mouclass - ok
20:40:34.0333 5416 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:40:34.0364 5416 mouhid - ok
20:40:34.0411 5416 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:40:34.0442 5416 mountmgr - ok
20:40:34.0458 5416 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:40:34.0473 5416 mpio - ok
20:40:34.0614 5416 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:40:34.0707 5416 mpsdrv - ok
20:40:34.0770 5416 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:40:34.0863 5416 MpsSvc - ok
20:40:34.0910 5416 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:40:34.0941 5416 MRxDAV - ok
20:40:34.0988 5416 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:40:35.0035 5416 mrxsmb - ok
20:40:35.0066 5416 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:40:35.0113 5416 mrxsmb10 - ok
20:40:35.0144 5416 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:40:35.0175 5416 mrxsmb20 - ok
20:40:35.0222 5416 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:40:35.0238 5416 msahci - ok
20:40:35.0269 5416 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:40:35.0284 5416 msdsm - ok
20:40:35.0300 5416 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:40:35.0331 5416 MSDTC - ok
20:40:35.0362 5416 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:40:35.0394 5416 Msfs - ok
20:40:35.0409 5416 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:40:35.0456 5416 mshidkmdf - ok
20:40:35.0472 5416 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:40:35.0487 5416 msisadrv - ok
20:40:35.0518 5416 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:40:35.0550 5416 MSiSCSI - ok
20:40:35.0565 5416 msiserver - ok
20:40:35.0612 5416 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:40:35.0643 5416 MSKSSRV - ok
20:40:35.0659 5416 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:40:35.0690 5416 MSPCLOCK - ok
20:40:35.0706 5416 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:40:35.0768 5416 MSPQM - ok
20:40:35.0799 5416 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:40:35.0815 5416 MsRPC - ok
20:40:35.0862 5416 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:40:35.0877 5416 mssmbios - ok
20:40:35.0908 5416 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:40:35.0924 5416 MSTEE - ok
20:40:35.0940 5416 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:40:35.0971 5416 MTConfig - ok
20:40:35.0971 5416 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:40:35.0986 5416 Mup - ok
20:40:36.0033 5416 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:40:36.0080 5416 napagent - ok
20:40:36.0127 5416 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:40:36.0142 5416 NativeWifiP - ok
20:40:36.0205 5416 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:40:36.0236 5416 NDIS - ok
20:40:36.0267 5416 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:40:36.0298 5416 NdisCap - ok
20:40:36.0314 5416 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:40:36.0345 5416 NdisTapi - ok
20:40:36.0392 5416 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:40:36.0454 5416 Ndisuio - ok
20:40:36.0486 5416 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:40:36.0517 5416 NdisWan - ok
20:40:36.0532 5416 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:40:36.0564 5416 NDProxy - ok
20:40:36.0610 5416 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:40:36.0642 5416 NetBIOS - ok
20:40:36.0688 5416 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:40:36.0735 5416 NetBT - ok
20:40:36.0751 5416 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:40:36.0766 5416 Netlogon - ok
20:40:36.0798 5416 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:40:36.0844 5416 Netman - ok
20:40:36.0844 5416 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:40:36.0891 5416 netprofm - ok
20:40:36.0938 5416 [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73 C:\Windows\system32\DRIVERS\netr73.sys
20:40:36.0969 5416 netr73 - ok
20:40:37.0001 5416 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:40:37.0032 5416 NetTcpPortSharing - ok
20:40:37.0063 5416 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:40:37.0063 5416 nfrd960 - ok
20:40:37.0110 5416 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:40:37.0157 5416 NlaSvc - ok
20:40:37.0219 5416 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:40:37.0250 5416 Npfs - ok
20:40:37.0281 5416 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:40:37.0313 5416 nsi - ok
20:40:37.0328 5416 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:40:37.0359 5416 nsiproxy - ok
20:40:37.0422 5416 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:40:37.0453 5416 Ntfs - ok
20:40:37.0484 5416 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:40:37.0500 5416 Null - ok
20:40:37.0547 5416 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:40:37.0562 5416 nvraid - ok
20:40:37.0593 5416 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:40:37.0609 5416 nvstor - ok
20:40:37.0640 5416 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:40:37.0656 5416 nv_agp - ok
20:40:37.0656 5416 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:40:37.0687 5416 ohci1394 - ok
20:40:37.0718 5416 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:40:37.0734 5416 ose - ok
20:40:37.0890 5416 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:40:38.0077 5416 osppsvc - ok
20:40:38.0108 5416 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:40:38.0139 5416 p2pimsvc - ok
20:40:38.0186 5416 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:40:38.0202 5416 p2psvc - ok
20:40:38.0217 5416 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:40:38.0233 5416 Parport - ok
20:40:38.0264 5416 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:40:38.0280 5416 partmgr - ok
20:40:38.0311 5416 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:40:38.0327 5416 Parvdm - ok
20:40:38.0358 5416 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:40:38.0373 5416 PcaSvc - ok
20:40:38.0389 5416 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:40:38.0389 5416 pci - ok
20:40:38.0420 5416 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:40:38.0436 5416 pciide - ok
20:40:38.0467 5416 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:40:38.0483 5416 pcmcia - ok
20:40:38.0514 5416 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:40:38.0545 5416 pcw - ok
20:40:38.0576 5416 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:40:38.0623 5416 PEAUTH - ok
20:40:38.0717 5416 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:40:38.0795 5416 pla - ok
20:40:38.0841 5416 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:40:38.0873 5416 PlugPlay - ok
20:40:38.0904 5416 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:40:38.0935 5416 PNRPAutoReg - ok
20:40:38.0966 5416 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:40:38.0982 5416 PNRPsvc - ok
20:40:39.0029 5416 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:40:39.0075 5416 PolicyAgent - ok
20:40:39.0122 5416 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:40:39.0153 5416 Power - ok
20:40:39.0185 5416 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:40:39.0216 5416 PptpMiniport - ok
20:40:39.0247 5416 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:40:39.0263 5416 Processor - ok
20:40:39.0294 5416 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:40:39.0341 5416 ProfSvc - ok
20:40:39.0356 5416 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:40:39.0372 5416 ProtectedStorage - ok
20:40:39.0419 5416 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:40:39.0450 5416 Psched - ok
20:40:39.0512 5416 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
20:40:39.0543 5416 PSI - ok
20:40:39.0559 5416 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:40:39.0575 5416 PSI_SVC_2 - ok
20:40:39.0637 5416 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:40:39.0668 5416 ql2300 - ok
20:40:39.0699 5416 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:40:39.0715 5416 ql40xx - ok
20:40:39.0824 5416 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:40:39.0887 5416 QWAVE - ok
20:40:39.0918 5416 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:40:39.0933 5416 QWAVEdrv - ok
20:40:39.0949 5416 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:40:39.0996 5416 RasAcd - ok
20:40:40.0027 5416 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:40:40.0058 5416 RasAgileVpn - ok
20:40:40.0089 5416 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:40:40.0121 5416 RasAuto - ok
20:40:40.0136 5416 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:40:40.0167 5416 Rasl2tp - ok
20:40:40.0214 5416 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:40:40.0245 5416 RasMan - ok
20:40:40.0277 5416 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:40:40.0308 5416 RasPppoe - ok
20:40:40.0323 5416 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:40:40.0355 5416 RasSstp - ok
20:40:40.0401 5416 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:40:40.0417 5416 rdbss - ok
20:40:40.0448 5416 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:40:40.0464 5416 rdpbus - ok
20:40:40.0495 5416 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:40:40.0557 5416 RDPCDD - ok
20:40:40.0589 5416 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:40:40.0635 5416 RDPENCDD - ok
20:40:40.0635 5416 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:40:40.0667 5416 RDPREFMP - ok
20:40:40.0713 5416 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:40:40.0760 5416 RdpVideoMiniport - ok
20:40:40.0791 5416 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:40:40.0838 5416 RDPWD - ok
20:40:40.0901 5416 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:40:40.0932 5416 rdyboost - ok
20:40:40.0963 5416 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:40:40.0994 5416 RemoteAccess - ok
20:40:41.0010 5416 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:40:41.0041 5416 RemoteRegistry - ok
20:40:41.0072 5416 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:40:41.0103 5416 RpcEptMapper - ok
20:40:41.0119 5416 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:40:41.0150 5416 RpcLocator - ok
20:40:41.0181 5416 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:40:41.0213 5416 RpcSs - ok
20:40:41.0259 5416 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:40:41.0306 5416 rspndr - ok
20:40:41.0337 5416 [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:40:41.0353 5416 RTHDMIAzAudService - ok
20:40:41.0415 5416 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:40:41.0462 5416 RTL8167 - ok
20:40:41.0509 5416 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
20:40:41.0540 5416 rtl8192se - ok
20:40:41.0556 5416 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:40:41.0556 5416 SamSs - ok
20:40:41.0603 5416 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:40:41.0634 5416 sbp2port - ok
20:40:41.0665 5416 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:40:41.0696 5416 SCardSvr - ok
20:40:41.0712 5416 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:40:41.0743 5416 scfilter - ok
20:40:41.0790 5416 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:40:41.0852 5416 Schedule - ok
20:40:41.0868 5416 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:40:41.0899 5416 SCPolicySvc - ok
20:40:41.0946 5416 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:40:41.0993 5416 sdbus - ok
20:40:42.0024 5416 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:40:42.0071 5416 SDRSVC - ok
20:40:42.0102 5416 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:40:42.0149 5416 secdrv - ok
20:40:42.0180 5416 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:40:42.0227 5416 seclogon - ok
20:40:42.0320 5416 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
20:40:42.0367 5416 Secunia PSI Agent - ok
20:40:42.0398 5416 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
20:40:42.0414 5416 Secunia Update Agent - ok
20:40:42.0429 5416 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:40:42.0476 5416 SENS - ok
20:40:42.0492 5416 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:40:42.0523 5416 SensrSvc - ok
20:40:42.0539 5416 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:40:42.0585 5416 Serenum - ok
20:40:42.0601 5416 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:40:42.0617 5416 Serial - ok
20:40:42.0648 5416 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:40:42.0663 5416 sermouse - ok
20:40:42.0710 5416 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:40:42.0741 5416 SessionEnv - ok
20:40:42.0788 5416 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:40:42.0819 5416 sffdisk - ok
20:40:42.0835 5416 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:40:42.0882 5416 sffp_mmc - ok
20:40:42.0897 5416 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:40:42.0913 5416 sffp_sd - ok
20:40:42.0944 5416 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:40:42.0960 5416 sfloppy - ok
20:40:43.0007 5416 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:40:43.0022 5416 Sftfs - ok
20:40:43.0085 5416 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
20:40:43.0116 5416 sftlist - ok
20:40:43.0163 5416 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:40:43.0178 5416 Sftplay - ok
20:40:43.0209 5416 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:40:43.0241 5416 Sftredir - ok
20:40:43.0256 5416 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:40:43.0256 5416 Sftvol - ok
20:40:43.0303 5416 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
20:40:43.0303 5416 sftvsa - ok
20:40:43.0334 5416 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:40:43.0397 5416 SharedAccess - ok
20:40:43.0428 5416 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:40:43.0506 5416 ShellHWDetection - ok
20:40:43.0553 5416 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:40:43.0568 5416 sisagp - ok
20:40:43.0599 5416 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:40:43.0615 5416 SiSRaid2 - ok
20:40:43.0646 5416 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:40:43.0646 5416 SiSRaid4 - ok
20:40:43.0693 5416 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:40:43.0724 5416 Smb - ok
20:40:43.0755 5416 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:40:43.0771 5416 SNMPTRAP - ok
20:40:43.0787 5416 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:40:43.0802 5416 spldr - ok
20:40:43.0849 5416 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:40:43.0880 5416 Spooler - ok
20:40:43.0989 5416 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:40:44.0114 5416 sppsvc - ok
20:40:44.0145 5416 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:40:44.0192 5416 sppuinotify - ok
20:40:44.0239 5416 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:40:44.0270 5416 srv - ok
20:40:44.0301 5416 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:40:44.0333 5416 srv2 - ok
20:40:44.0364 5416 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:40:44.0411 5416 srvnet - ok
20:40:44.0442 5416 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:40:44.0504 5416 SSDPSRV - ok
20:40:44.0551 5416 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:40:44.0567 5416 ssmdrv - ok
20:40:44.0598 5416 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:40:44.0629 5416 SstpSvc - ok
20:40:44.0676 5416 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:40:44.0676 5416 stexstor - ok
20:40:44.0723 5416 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:40:44.0785 5416 StiSvc - ok
20:40:44.0816 5416 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:40:44.0816 5416 swenum - ok
20:40:44.0847 5416 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:40:44.0894 5416 swprv - ok
20:40:44.0925 5416 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:40:44.0941 5416 SynTP - ok
20:40:45.0003 5416 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:40:45.0050 5416 SysMain - ok
20:40:45.0097 5416 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:40:45.0159 5416 TabletInputService - ok
20:40:45.0191 5416 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:40:45.0206 5416 TapiSrv - ok
20:40:45.0237 5416 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:40:45.0269 5416 TBS - ok
20:40:45.0331 5416 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:40:45.0378 5416 Tcpip - ok
20:40:45.0440 5416 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:40:45.0471 5416 TCPIP6 - ok
20:40:45.0503 5416 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:40:45.0534 5416 tcpipreg - ok
20:40:45.0581 5416 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:40:45.0596 5416 TDPIPE - ok
20:40:45.0627 5416 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:40:45.0643 5416 TDTCP - ok
20:40:45.0690 5416 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:40:45.0752 5416 tdx - ok
20:40:45.0783 5416 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:40:45.0799 5416 TermDD - ok
20:40:45.0846 5416 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:40:45.0908 5416 TermService - ok
20:40:45.0939 5416 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:40:45.0971 5416 Themes - ok
20:40:46.0002 5416 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:40:46.0017 5416 THREADORDER - ok
20:40:46.0064 5416 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:40:46.0111 5416 TrkWks - ok
20:40:46.0158 5416 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:40:46.0205 5416 TrustedInstaller - ok
20:40:46.0236 5416 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:40:46.0267 5416 tssecsrv - ok
20:40:46.0298 5416 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:40:46.0314 5416 TsUsbFlt - ok
20:40:46.0376 5416 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:40:46.0439 5416 tunnel - ok
20:40:46.0454 5416 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:40:46.0470 5416 uagp35 - ok
20:40:46.0517 5416 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:40:46.0548 5416 udfs - ok
20:40:46.0579 5416 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:40:46.0610 5416 UI0Detect - ok
20:40:46.0641 5416 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:40:46.0657 5416 uliagpkx - ok
20:40:46.0688 5416 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:40:46.0704 5416 umbus - ok
20:40:46.0735 5416 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:40:46.0751 5416 UmPass - ok
20:40:46.0782 5416 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:40:46.0829 5416 upnphost - ok
20:40:46.0860 5416 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:40:46.0875 5416 usbccgp - ok
20:40:46.0922 5416 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:40:46.0953 5416 usbcir - ok
20:40:46.0969 5416 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:40:47.0000 5416 usbehci - ok
20:40:47.0016 5416 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:40:47.0031 5416 usbfilter - ok
20:40:47.0063 5416 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:40:47.0094 5416 usbhub - ok
20:40:47.0125 5416 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:40:47.0156 5416 usbohci - ok
20:40:47.0187 5416 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:40:47.0187 5416 usbprint - ok
20:40:47.0219 5416 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:40:47.0265 5416 USBSTOR - ok
20:40:47.0281 5416 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:40:47.0312 5416 usbuhci - ok
20:40:47.0375 5416 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:40:47.0421 5416 usbvideo - ok
20:40:47.0453 5416 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:40:47.0468 5416 UxSms - ok
20:40:47.0484 5416 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:40:47.0499 5416 VaultSvc - ok
20:40:47.0515 5416 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:40:47.0531 5416 vdrvroot - ok
20:40:47.0593 5416 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:40:47.0640 5416 vds - ok
20:40:47.0671 5416 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:40:47.0702 5416 vga - ok
20:40:47.0718 5416 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:40:47.0749 5416 VgaSave - ok
20:40:47.0780 5416 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:40:47.0811 5416 vhdmp - ok
20:40:47.0843 5416 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:40:47.0858 5416 viaagp - ok
20:40:47.0874 5416 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:40:47.0905 5416 ViaC7 - ok
20:40:47.0905 5416 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:40:47.0921 5416 viaide - ok
20:40:47.0936 5416 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:40:47.0952 5416 volmgr - ok
20:40:47.0983 5416 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:40:47.0999 5416 volmgrx - ok
20:40:48.0014 5416 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:40:48.0030 5416 volsnap - ok
20:40:48.0061 5416 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:40:48.0077 5416 vsmraid - ok
20:40:48.0123 5416 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:40:48.0186 5416 VSS - ok
20:40:48.0217 5416 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:40:48.0233 5416 vwifibus - ok
20:40:48.0248 5416 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:40:48.0264 5416 vwififlt - ok
20:40:48.0279 5416 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:40:48.0342 5416 W32Time - ok
20:40:48.0357 5416 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:40:48.0373 5416 WacomPen - ok
20:40:48.0420 5416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:40:48.0482 5416 WANARP - ok
20:40:48.0482 5416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:40:48.0513 5416 Wanarpv6 - ok
20:40:48.0545 5416 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:40:48.0576 5416 wbengine - ok
20:40:48.0607 5416 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:40:48.0638 5416 WbioSrvc - ok
20:40:48.0669 5416 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:40:48.0701 5416 wcncsvc - ok
20:40:48.0732 5416 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:40:48.0732 5416 WcsPlugInService - ok
20:40:48.0763 5416 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:40:48.0763 5416 Wd - ok
20:40:48.0810 5416 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:40:48.0841 5416 Wdf01000 - ok
20:40:48.0857 5416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:40:48.0888 5416 WdiServiceHost - ok
20:40:48.0888 5416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:40:48.0919 5416 WdiSystemHost - ok
20:40:48.0950 5416 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:40:48.0981 5416 WebClient - ok
20:40:48.0997 5416 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:40:49.0028 5416 Wecsvc - ok
20:40:49.0044 5416 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:40:49.0075 5416 wercplsupport - ok
20:40:49.0106 5416 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:40:49.0137 5416 WerSvc - ok
20:40:49.0169 5416 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:40:49.0200 5416 WfpLwf - ok
20:40:49.0215 5416 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:40:49.0215 5416 WIMMount - ok
20:40:49.0262 5416 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:40:49.0293 5416 WinDefend - ok
20:40:49.0293 5416 WinHttpAutoProxySvc - ok
20:40:49.0356 5416 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:40:49.0418 5416 Winmgmt - ok
20:40:49.0481 5416 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:40:49.0543 5416 WinRM - ok
20:40:49.0590 5416 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:40:49.0621 5416 WinUsb - ok
20:40:49.0668 5416 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:40:49.0699 5416 Wlansvc - ok
20:40:49.0761 5416 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:40:49.0777 5416 wlcrasvc - ok
20:40:49.0871 5416 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:40:49.0902 5416 wlidsvc - ok
20:40:49.0949 5416 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:40:49.0964 5416 WmiAcpi - ok
20:40:49.0995 5416 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:40:50.0027 5416 wmiApSrv - ok
20:40:50.0120 5416 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:40:50.0167 5416 WMPNetworkSvc - ok
20:40:50.0198 5416 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:40:50.0229 5416 WPCSvc - ok
20:40:50.0276 5416 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:40:50.0323 5416 WPDBusEnum - ok
20:40:50.0354 5416 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:40:50.0432 5416 ws2ifsl - ok
20:40:50.0448 5416 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
20:40:50.0479 5416 wscsvc - ok
20:40:50.0479 5416 WSearch - ok
20:40:50.0573 5416 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:40:50.0619 5416 wuauserv - ok
20:40:50.0651 5416 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:40:50.0666 5416 WudfPf - ok
20:40:50.0697 5416 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:40:50.0713 5416 WUDFRd - ok
20:40:50.0729 5416 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:40:50.0744 5416 wudfsvc - ok
20:40:50.0775 5416 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:40:50.0807 5416 WwanSvc - ok
20:40:50.0822 5416 ================ Scan global ===============================
20:40:50.0869 5416 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:40:50.0900 5416 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:40:50.0916 5416 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
20:40:50.0947 5416 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:40:50.0978 5416 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:40:50.0994 5416 [Global] - ok
20:40:50.0994 5416 ================ Scan MBR ==================================
20:40:51.0009 5416 [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
20:40:54.0239 5416 \Device\Harddisk0\DR0 - ok
20:40:54.0239 5416 ================ Scan VBR ==================================
20:40:54.0239 5416 [ 1732D7A3140A25274C725C9A24E4274D ] \Device\Harddisk0\DR0\Partition1
20:40:54.0239 5416 \Device\Harddisk0\DR0\Partition1 - ok
20:40:54.0270 5416 [ E5C1FF61EC9401CD73CD28840071555E ] \Device\Harddisk0\DR0\Partition2
20:40:54.0270 5416 \Device\Harddisk0\DR0\Partition2 - ok
20:40:54.0301 5416 [ 7656470482D2836BB1FEC5DECAF408DC ] \Device\Harddisk0\DR0\Partition3
20:40:54.0301 5416 \Device\Harddisk0\DR0\Partition3 - ok
20:40:54.0301 5416 ============================================================
20:40:54.0301 5416 Scan finished
20:40:54.0301 5416 ============================================================
20:40:54.0317 2188 Detected object count: 1
20:40:54.0317 2188 Actual detected object count: 1
20:41:06.0032 2188 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
20:41:06.0032 2188 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
16.12.2012, 20:44
| #8 | |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 21:19
| #9 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! Combofix log: Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - Jana 16.12.2012 20:55:40.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2036 [GMT 1:00]
ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-16 bis 2012-12-16 ))))))))))))))))))))))))))))))
.
.
2012-12-16 20:15 . 2012-12-16 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 19:04 . 2012-12-16 19:04 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9305EE1-34EC-46B1-B338-1332816CEA65}\offreg.dll
2012-12-14 11:16 . 2012-12-14 11:16 -------- d-----w- c:\program files\ESET
2012-12-14 08:16 . 2012-12-14 08:16 -------- d-----w- c:\users\Jana\AppData\Roaming\Malwarebytes
2012-12-14 08:16 . 2012-12-14 08:16 -------- d-----w- c:\programdata\Malwarebytes
2012-12-14 08:16 . 2012-12-14 08:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-14 08:16 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-14 08:13 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9305EE1-34EC-46B1-B338-1332816CEA65}\mpengine.dll
2012-12-13 10:43 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-13 10:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-13 10:41 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-13 10:41 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-13 10:41 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-13 10:41 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-13 10:41 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-13 10:35 . 2012-12-13 10:35 -------- d-----w- c:\users\Jana\AppData\Local\WindowsUpdate
2012-12-13 10:30 . 2012-12-13 10:30 -------- d-----w- c:\program files\Common Files\Java
2012-12-13 10:29 . 2012-12-13 10:29 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-13 10:29 . 2012-12-13 10:29 -------- d-----w- c:\program files\Java
2012-12-13 10:17 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 10:16 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 10:16 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 10:16 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 10:16 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 21:26 . 2012-12-10 21:26 -------- d--h--w- c:\programdata\CanonBJ
2012-12-10 21:26 . 2009-07-14 01:15 71168 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2012-12-09 15:00 . 2012-12-09 15:00 -------- d-----w- c:\users\Jana\AppData\Roaming\OpenOffice.org
2012-12-09 14:58 . 2012-12-09 14:58 -------- d-----w- c:\program files\OpenOffice.org 3
2012-11-28 21:03 . 2012-11-28 21:03 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 10:29 . 2010-10-26 12:59 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-13 10:28 . 2012-05-23 19:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 10:28 . 2011-12-29 12:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-27 21:33 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 13:39 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 13:39 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 13:39 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 13:39 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 13:39 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 13:39 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 13:39 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 13:39 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 13:39 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 13:39 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-16 13:39 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSpeedUp"="c:\program files\PC Beschleunigen\PCSpeedUp.lnk" [2011-10-09 2389]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-30 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-12-16 19:27 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 31934381
*Deregistered* - 31934381
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 10:28]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 19:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Crawler Search - tbr:iemenu
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-16 21:17:30
ComboFix-quarantined-files.txt 2012-12-16 20:17
.
Vor Suchlauf: 4 Verzeichnis(se), 357.489.201.152 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 357.949.947.904 Bytes frei
.
- - End Of File - - 2D2BCBCF3CB9613123810F3CE35822E9
|
|
16.12.2012, 21:22
| #10 |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 21:35
| #11 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 22.05.2012 2.7.1.19610 unbekannt Adobe Flash Player 10 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 10.3.183.43 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 14.08.2012 169,0MB 10.1.4 notwendig ALDI SÜD Mah Jong 15.12.2010 unnötig Ashampoo Burning Studio ashampoo GmbH & Co. KG 26.10.2010 130,5MB 9.23.0 unnötig Ashampoo Photo Commander ashampoo GmbH & Co. KG 26.10.2010 115,3MB 8.3.2 unnötig Ashampoo Photo Optimizer ashampoo GmbH & Co. KG 26.10.2010 37,1MB 3.12.0 unnötig Ashampoo Snap ashampoo GmbH & Co. KG 26.10.2010 29,8MB 3.4.1 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 25.10.2010 16,5MB 3.0.774.0 unbekannt Avira Free Antivirus Avira 13.11.2012 109,0MB 12.1.9.1236 notwendig CCleaner Piriform 07.04.2011 3.05 notwendig CDBurnerXP CDBurnerXP 17.12.2010 11,6MB 4.3.8.2474 unnötig Cisco EAP-FAST Module Cisco Systems, Inc. 26.10.2010 1,15MB 2.2.14 unbekannt Cisco LEAP Module Cisco Systems, Inc. 26.10.2010 0,48MB 1.0.19 unbekannt Cisco PEAP Module Cisco Systems, Inc. 26.10.2010 0,90MB 1.1.6 unbekannt CorelDRAW Essentials 4 Corel Corporation 15.12.2010 unbekannt CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 15.12.2010 2,93MB unbekannt Crawler Toolbar with Web Security Guard Crawler, LLC 18.12.2010 unbekannt CyberLink LabelPrint CyberLink Corp. 26.10.2010 143,4MB 2.5.2602 unbekannt CyberLink Power2Go CyberLink Corp. 26.10.2010 104,8MB 6.1.3602c unbekannt CyberLink PowerDVD Copy CyberLink Corp. 26.10.2010 30,8MB 1.5.1306 unbekannt CyberLink YouCam CyberLink Corp. 26.10.2010 132,1MB 3.0.2626 unbekannt Die Sims 2 03.03.2012 unnötig Die Sims 2: Nightlife 06.03.2012 unnötig ESET Online Scanner v3 13.12.2012 notwendig Google Chrome Google, Inc. 12.12.2012 30,7MB 65.61.49249 unnötig Google Toolbar for Internet Explorer Google Inc. 02.10.2012 7.4.3230.2052 unnötig ICQ7.5 ICQ 23.07.2011 7.5 unnötig Java(TM) 6 Update 37 Oracle 12.12.2012 97,9MB 6.0.370 unbekannt JMicron Flash Media Controller Driver JMicron Technology Corp. 15.12.2010 1.0.45.0 unbekannt K11 - Kommissare im Einsatz Sproing Interactive GmbH 26.12.2010 1.0 unnötig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 13.12.2012 19,4MB 1.65.1.1000 notwendig Maniac Mansion Deluxe 14.10.2012 unbekannt Medion Home Cinema CyberLink Corp. 26.10.2010 36,4MB 8.0.1505 unnötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.10.2010 38,8MB 4.0.30319 notwendig Microsoft Office 2010 Microsoft Corporation 25.10.2010 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 18.12.2010 14.0.4763.1000 unbekannt Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 08.01.2011 14.0.4763.1000 unbekannt Microsoft PowerPoint Viewer Microsoft Corporation 12.12.2012 227MB 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 11.05.2012 199,9MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 26.10.2010 1,70MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.10.2010 0,25MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.06.2011 0,29MB 8.0.56336 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 26.04.2011 0,58MB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 26.10.2010 0,23MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.10.2010 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.04.2012 16,5MB 10.0.40219 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.10.2010 1,35MB 4.20.9876.0 unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 12.12.2012 1,48MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 13.12.2012 1,53MB 4.30.2114.0 unbekannt NVIDIA PhysX NVIDIA Corporation 26.12.2010 119,9MB 9.09.0203 unbekannt OpenOffice.org 3.4.1 Apache Software Foundation 08.12.2012 332MB 3.41.9593 notwendig PlayReady PC Runtime x86 Microsoft Corporation 15.12.2010 1,65MB 1.3.0 unbekannt ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 04.09.2011 11.0.0.14 unbekannt Realtek Ethernet Controller Driver For Windows 7 Realtek 26.10.2010 7.18.322.2010 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.12.2010 6.0.1.6132 unbekannt REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 26.10.2010 1.00.0148 unbekannt RUNAWAY: A TWIST OF FATE CRIMSON COW 24.10.2011 1.0 unnötig Schlag den Raab bitComposer Games GmbH 04.09.2011 679MB unnötig Secunia PSI (2.0.0.4003) Secunia 22.05.2012 3,47MB 2.0.0.4003 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 26.10.2010 46,4MB 15.0.18.0 unbekannt System Control Manager Micro-Star International Co., Ltd. 26.10.2010 2.210.0719.M007.01 unbekannt Uniblue RegistryBooster Uniblue Systems Ltd 17.12.2010 16,8MB unbekannt Veetle TV 0.9.18 Veetle, Inc 14.02.2011 0.9.18 unnötig Winamp Nullsoft, Inc 12.12.2012 5.63 notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 17.12.2010 63,00KB 1.0.0.1 unbekannt Windows Live Essentials Microsoft Corporation 27.10.2010 15.4.3502.0922 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 26.10.2010 5,58MB 15.4.5722.2 unbekannt Windows Media Encoder 9 Series 26.10.2010 unbekannt Xvid 1.1.3 final uninstall Xvid team (Koepi) 08.10.2011 1.1 unbekannt |
|
16.12.2012, 21:40
| #12 |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ALDI Ashampoo : alle CDBurnerXP CorelDRAW : alle Crawler CyberLink : alle Die Sims : beide ESET : bei Bedarf instalieren. Google : beide ICQ7.5 Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: K11 Maniac Medion RUNAWAY: Schlag den Raab Uniblue : finger weg von Registry tools, das Löschen dort, bringt nichts, und ist nur in sältenen Fällen nötig. es ist aber Gefährlich in der Registry rumzuspielen. Veetle Windows Live : alle, von dir nicht verwendeten. Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 22:49
| #13 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!Code:
ATTFilter # AdwCleaner v2.101 - Datei am 16/12/2012 um 22:47:32 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Jana\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\Jana\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1924 octets] - [16/12/2012 22:47:32]
########## EOF - C:\AdwCleaner[R1].txt - [1984 octets] ##########
|
|
17.12.2012, 11:15
| #14 |
| /// Malware-holic | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! hi
Starte neu. Teste, wie der PC läuft, und Programme, wie zb Browser. Teile mir mit, welche Probleme es gibt, falls es noch welche geben sollte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2012, 12:09
| #15 |
| | Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden!Code:
ATTFilter # AdwCleaner v2.101 - Datei am 17/12/2012 um 11:53:41 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jana - JANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jana\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Jana\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Jana\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2053 octets] - [16/12/2012 22:47:32]
AdwCleaner[S1].txt - [1617 octets] - [17/12/2012 11:53:41]
########## EOF - C:\AdwCleaner[S1].txt - [1677 octets] ##########
Chrome läuft dagegen einwandfrei und so schnell wie immer. Kannst du mir sonst nen anderen Browser empfehlen? von chrome halte ich nämlich nich viel und iexplorer ist zu unsicher hab ich gehört. Andere Programme wie Openoffice arbeiten korrekt. |
|
| Themen zu Adware Win32/ OpenCandy und HTML/Iframe.B.Gen virus gefunden! |
| administrator, adware, anti-malware, appdata, autostart, code, dateien, defender, downloader, entfernen, escan, eset, explorer, files, html/iframe.b.gen, malwarebytes, microsoft, online, onlinescan, scan, service, speicher, version, virus, win, windows |
Linear-Darstellung
