| |
| |||||||
Log-Analyse und Auswertung: Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.06.2013, 20:20
| #1 |
 |  Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, ich schließe das Fenster immer mit NEIN, aber es kommt nach jedem Neustart wieder. Bei meiner Google Suche, was es mit der wssetup.exe / Perion Ltd. auf sich hat, bin ich auf dieses Forum gestoßen und es wäre toll, wenn ihr mir helfen könntet. Wie beschrieben habe ich mir Debugger, OTL und GMER heruntergeladen und den PC scannen lassen. Ich hoffe, ich habe alles richtig gemacht poste hier die Ergebnisse ... OTL / EXTRAS / GMERtext 1000 Dank vorab für die freundliche Unterstützung. Gruß Mrs.Ju Code:
ATTFilter OTL logfile created on: 12.06.2013 19:46:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*** ***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,67% Memory free 4,00 Gb Paging File | 2,33 Gb Available in Paging File | 58,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 401,91 Gb Free Space | 86,31% Space Free | Partition Type: NTFS Drive D: | 186,31 Gb Total Space | 146,23 Gb Free Space | 78,49% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*** ***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\*** ***\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC) PRC - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe (Google Inc.) PRC - C:\Windows\SysWOW64\jmdp\stij.exe () PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\UPS\WSTD\WSTDMessaging.exe () PRC - C:\UPS\WSTD\UPSNA1Msgr.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll () MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll () MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll () MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll () MOD - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll () MOD - C:\Windows\SysWOW64\jmdp\stij.exe () MOD - C:\Windows\SysWOW64\jmdp\lmrn.dll () MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\SysWOW64\jmdp\sqlite3.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\UPS\WSTD\WSTDMessaging.exe () MOD - C:\UPS\WSTD\UPSNA1Msgr.exe () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll () MOD - C:\UPS\WSTD\UPSResourceManager.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe () ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (OKI OPHD DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHDLDCS.EXE (Oki Data Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (OKI OPHD DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE (Oki Data Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}&barid={C4A8DE4E-C1A2-4E76-9F4B-2382848E2C89} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=22CCE0CB4EB58C70 IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=22CCE0CB4EB58C70 IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 81 3A 7C 21 9B CC 01 [binary data] IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=010712_3&babsrc=SP_ss&mntrId=22ccb6ae000000000000e0cb4eb58c70 IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{86456CA8-4477-49FB-A649-900FD117BDD4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F361C762-0E8E-4508-B8A9-267353163E58&apn_sauid=0738B553-CF2D-4B03-9126-0ED878A380CF IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={728B8159-343C-4F2A-8C47-9C2A6B953731}&mid=90d0b3f1667b47d19097318208516583-e08792fb40a67ddf2917b889327e80048780d1c7&lang=de&ds=tt014&pr=sa&d=2011-12-27 09:53:48&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.26010003&st=12&q={searchTerms}&barid={C4A8DE4E-C1A2-4E76-9F4B-2382848E2C89} IE - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*** ***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*** ***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2012.01.20 14:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.04 19:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.14 13:18:54 | 000,002,273 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=22CCE0CB4EB58C70 CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\ CHR - Extension: No name found = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe () O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000..\Run: [ChromeFrameHelper] C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe (Google Inc.) O4 - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKU\S-1-5-21-1831812534-1513340123-4198793270-1000..\Run: [WebCake Desktop] C:\Users\*** ***\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.113 217.0.43.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F7698C4-D9DB-47BE-82BC-DD7E8C1C534C}: DhcpNameServer = 217.0.43.113 217.0.43.97 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 19:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe [2013.06.12 19:20:23 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\WebCake [2013.06.12 19:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake [2013.06.12 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Open It! - Zip Extractor Packages [2013.06.12 19:20:17 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\DSite [2013.06.12 19:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.06.12 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.06.12 19:03:13 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Systweak [2013.06.12 19:03:12 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013.06.12 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Local\Programs [2013.06.12 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.06.12 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.06.12 18:51:39 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.12 18:51:22 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Local Settings [2013.06.12 18:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.12 18:51:08 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\BabSolution [2013.06.12 18:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.06.12 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Delta [2013.06.12 18:50:44 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013.06.12 18:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FilesFrog Update Checker [2013.06.12 16:44:05 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.12 16:44:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.12 16:44:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.12 16:44:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.12 16:44:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.12 16:44:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.12 16:44:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 16:44:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.12 16:44:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.12 16:44:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.12 16:44:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.12 16:44:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 16:44:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 16:44:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 16:44:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 07:05:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 07:05:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 07:05:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 07:05:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 07:04:58 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 07:04:54 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 07:04:54 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 07:04:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 07:04:53 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 07:04:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 07:04:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 07:04:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 07:04:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.06 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Skype [2013.06.06 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.06.05 15:24:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.06.05 15:24:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.06.05 15:24:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.06.05 15:24:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.06.05 15:24:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.06.05 15:24:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.06.05 15:24:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.06.05 15:24:37 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.06.05 15:24:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.06.05 15:24:37 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.06.05 15:24:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.06.05 15:24:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.06.05 15:24:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.06.05 15:24:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.06.05 15:24:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.06.05 15:24:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.06.05 15:24:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.06.05 15:24:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.06.05 15:24:36 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.06.05 15:24:36 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.06.05 15:24:36 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.06.05 15:24:36 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.06.05 15:24:35 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.06.05 15:24:34 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.06.05 15:24:34 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.06.05 15:23:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.06.05 15:23:47 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.06.05 15:23:46 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.06.05 15:13:12 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.06.05 15:13:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.06.05 15:13:12 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.06.05 15:13:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.06.05 15:13:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.06.05 15:13:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.06.05 15:13:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.06.05 15:13:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.06.05 15:13:12 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.05 15:13:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.06.05 15:13:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.05 15:13:11 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.06.05 15:13:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.06.05 15:13:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.06.05 15:13:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.06.05 15:13:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.06.05 15:13:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.06.05 15:13:10 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.05 15:13:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.06.05 15:13:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.06.05 15:13:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.06.05 15:13:10 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.06.05 15:13:10 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.06.05 15:13:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.06.05 15:13:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.06.05 15:13:10 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.06.05 15:13:10 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.05 15:13:10 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.06.05 15:13:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.06.05 15:13:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.06.05 15:13:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.06.05 15:13:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.06.05 15:13:09 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.05 15:13:09 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.06.05 15:13:09 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.05 15:13:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.05 15:13:09 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.05 15:13:09 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.06.05 15:13:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.06.05 15:13:09 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.06.05 15:13:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.06.05 15:13:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.06.05 15:13:09 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.06.05 15:13:09 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.05 15:13:09 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.06.05 15:13:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.06.05 15:13:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.06.05 15:13:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.06.05 15:13:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.06.05 15:13:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.06.05 15:13:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.06.05 15:13:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.06.05 15:13:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.06.05 06:45:58 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.06.05 06:45:58 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.06.05 06:45:58 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.05 06:45:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.05 06:45:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.06.05 06:45:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.05.21 11:10:32 | 004,959,800 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.05.21 11:10:30 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.05.21 11:10:28 | 001,362,488 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool111.dll [2013.05.21 11:10:28 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.05.21 11:10:26 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.05.21 11:10:24 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.05.21 11:10:16 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.05.21 11:10:12 | 000,207,928 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll [2013.05.21 11:10:12 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.05.20 21:14:44 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\FKStampPainter20.dll [2013.05.15 07:28:16 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 07:28:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 07:27:57 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 07:27:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 07:27:55 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 07:27:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 07:27:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.14 19:52:10 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Eigene Routen [2013.05.14 19:52:00 | 000,000,000 | ---D | C] -- C:\Users\*** ***\.hgt ========== Files - Modified Within 30 Days ========== [2013.06.12 19:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe [2013.06.12 19:44:29 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 19:44:29 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 19:37:23 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.12 19:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.12 19:36:57 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2013.06.12 19:34:32 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1831812534-1513340123-4198793270-1000UA.job [2013.06.12 19:20:18 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.06.12 19:18:16 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 18:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.12 10:31:43 | 000,000,050 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Opusbext.dat [2013.06.12 09:56:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 09:56:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.11 17:34:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1831812534-1513340123-4198793270-1000Core.job [2013.06.11 17:22:17 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2013.06.05 15:13:12 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.06.05 15:13:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.06.05 15:13:12 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.06.05 15:13:12 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.06.05 15:13:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.06.05 15:13:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.06.05 15:13:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.06.05 15:13:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.06.05 15:13:12 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.05 15:13:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.06.05 15:13:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.05 15:13:11 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.06.05 15:13:11 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.06.05 15:13:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.06.05 15:13:11 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.06.05 15:13:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.06.05 15:13:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.06.05 15:13:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.06.05 15:13:10 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.05 15:13:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.06.05 15:13:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.06.05 15:13:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.06.05 15:13:10 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.06.05 15:13:10 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.06.05 15:13:10 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.06.05 15:13:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.06.05 15:13:10 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.06.05 15:13:10 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.05 15:13:10 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.06.05 15:13:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.06.05 15:13:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.06.05 15:13:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.06.05 15:13:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:13:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.06.05 15:13:09 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.05 15:13:09 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.06.05 15:13:09 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.05 15:13:09 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.05 15:13:09 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.05 15:13:09 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.06.05 15:13:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.06.05 15:13:09 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.06.05 15:13:09 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.06.05 15:13:09 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.06.05 15:13:09 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.06.05 15:13:09 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.05 15:13:09 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.06.05 15:13:09 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.06.05 15:13:09 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.06.05 15:13:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.06.05 15:13:09 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.06.05 15:13:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.05 15:13:09 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.06.05 15:13:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.06.05 15:13:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.06.04 06:55:21 | 000,383,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.29 15:43:15 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.29 15:43:15 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.29 15:43:15 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.29 15:43:15 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.29 15:43:15 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.21 11:10:32 | 004,959,800 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.05.21 11:10:30 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.05.21 11:10:28 | 001,362,488 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool111.dll [2013.05.21 11:10:28 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.05.21 11:10:26 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.05.21 11:10:24 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.05.21 11:10:16 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.05.21 11:10:12 | 000,207,928 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll [2013.05.21 11:10:12 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.05.20 21:14:44 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\FKStampPainter20.dll [2013.05.18 09:56:36 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit.INI [2013.05.17 03:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 03:25:26 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.17 02:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 02:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 02:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 02:58:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 02:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.17 02:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.17 02:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.14 14:23:25 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.14 10:40:13 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe ========== Files Created - No Company Name ========== [2013.06.12 19:20:18 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.06.05 15:13:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:13:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.05 06:45:58 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.05.14 11:09:52 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET [2013.03.21 16:29:42 | 000,207,928 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2013.03.21 16:29:42 | 000,138,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2013.03.21 16:29:42 | 000,074,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2013.03.21 16:29:40 | 000,319,032 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2013.01.21 12:41:08 | 000,103,832 | ---- | C] () -- C:\Users\*** ***\GoToAssistDownloadHelper.exe [2012.05.02 11:13:44 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.12.15 10:10:04 | 000,000,079 | ---- | C] () -- C:\Windows\GSSBProPlus.INI [2011.11.17 07:54:30 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2011.11.14 12:28:58 | 000,000,050 | ---- | C] () -- C:\Users\*** ***\AppData\Roaming\Opusbext.dat [2011.11.12 16:19:56 | 000,000,042 | -H-- | C] () -- C:\Windows\SysWow64\_sbkzcu.dat [2011.11.05 13:59:52 | 000,004,008 | ---- | C] () -- C:\Windows\ULEAD32.INI [2011.11.04 20:18:40 | 000,000,160 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI [2011.11.04 20:18:38 | 000,001,076 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.04 19:55:57 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.04 19:49:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.12 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\BabSolution [2012.07.10 19:20:59 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Babylon [2011.11.04 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Canneverbe Limited [2013.06.12 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Delta [2013.06.12 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DesktopIconForAmazon [2013.06.12 19:20:17 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DSite [2011.11.22 11:52:28 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\GlobalSCAPE [2012.05.24 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Lexware [2011.11.04 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Notepad++ [2013.06.12 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Open It! - Zip Extractor Packages [2012.06.16 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\OPHD [2011.11.29 18:21:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Ordner HP Share-to-Web [2011.11.04 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\pdfforge [2012.12.24 10:44:22 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\SQL Anywhere 12 [2013.06.12 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Systweak [2012.08.14 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TeamViewer [2011.11.15 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TuneUp Software [2011.11.05 14:06:53 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Ulead Systems [2013.06.12 19:20:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\WebCake ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.06.2013 19:46:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*** ***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 43,67% Memory free
4,00 Gb Paging File | 2,33 Gb Available in Paging File | 58,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 401,91 Gb Free Space | 86,31% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 146,23 Gb Free Space | 78,49% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E65199B-22AA-4B51-96F3-A9D795229A63}" = lport=2869 | protocol=6 | dir=in | app=system |
"{184E1D88-4977-4E40-B7BC-946BB315FA59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D623761-40CF-4C29-9CDC-4A89E1247E76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{204A80DD-0B9B-4C70-AE00-DFA90D9040B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{33BDD8CB-2F30-4E63-9AA6-A650683B53FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{38355D3F-0B97-4699-A7AD-531C02567FF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{40C6C4B7-19D7-4D59-9249-7BE2646925F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43CF6A48-4D78-4887-AE03-275E01B2634E}" = lport=3389 | protocol=6 | dir=in | app=system |
"{47B1561D-00E2-49E5-95FB-CF26071BA0F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65310333-99D3-463D-8DF3-0AD53B0A1DA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F6B24AF-83AD-412D-A017-6ED71678278E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84254DDD-8969-4ECB-84BA-C72B5B65A8D3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{86313D69-98A3-4031-9899-B9D4670C136D}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D819C42-9159-480F-A82B-1A3E693F95EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9214ABF1-BB7A-46D1-8595-9D9664B82703}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9967475D-6FA9-46E1-BCB5-D6FAE4ED575C}" = rport=445 | protocol=6 | dir=out | app=system |
"{A289D828-6F96-4FF4-9CCA-2790117D0085}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADBA14AD-B945-4467-8005-D72FB5100EEB}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE156639-4180-4B2F-8150-B59F9FB955AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1BE8006-E7BD-4E8E-9745-378EECC43502}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2F26495-8DE0-46BF-90EB-D6B60AD29F66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2EB80D6-AC72-4C65-AA2F-F6DAA436BE91}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2ED8E24-1E11-4E31-8AFE-A3FB37A6BA43}" = rport=139 | protocol=6 | dir=out | app=system |
"{CB8B040E-3579-4477-B76B-B789DDE9CFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3BC31ED-2BFD-4F36-A118-9B68FA0ED72A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E35D370F-60F4-48B4-B60F-7058C9AA73A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B0612F-BF7C-4D72-9E3C-DBC50C1AFD03}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0828ED32-57BC-4E7B-BB23-811D1090A70F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D51A730-61B1-4DEF-8633-C7E10C4BA752}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0FE89FCE-586F-4856-98C7-47F993FCFAF1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12BA40B4-EEC1-4A1D-A9BB-20D8C7D23C8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15256A69-86EF-4EEE-91B0-970D26ECE05A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2F39219B-F4EE-420F-AD54-122D831DDF12}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{356FB8F3-C94E-40A3-8D67-51625E3D11B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A7BEB38-D793-44AE-8D22-FEFCD7D221EC}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{44610553-C6B6-40C6-A229-4D819AE5FAA5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4E79E6D9-4453-451C-ACFF-301963A4CB93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{58E85AEA-DA83-4B8B-84A0-67B4675F085A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61531546-3502-4B7B-982E-D42D20701AA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76BA1F43-7066-46F6-9F5E-12E435AAAE97}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{7BC6FFE8-25C6-4F78-90AD-3D7A14B59F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BD5B8B1-A667-49BA-B217-02C6C6E8D4FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{840EA7F4-5D81-48E8-BE62-2755B101509D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{886CA283-1CC8-404B-BDC7-95F4019587CD}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbeng9.exe |
"{8BBAD9B8-BAD6-492D-87DF-722C6996C2A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{8DE22B8E-CC21-4C21-A0DB-AB54065DF266}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8F349B75-7237-422C-ACEC-C8C534B8B497}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{992F933B-299E-4FE2-AB3D-9F8C8123A327}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbeng9.exe |
"{9DB69439-A713-47FA-AFBB-3D19A906C94E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{ABB15B9B-91A6-4D49-A600-A37D4C4BBE2D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{C07F9107-336E-44FD-9478-5412C9B7FE63}" = protocol=6 | dir=out | app=system |
"{C26BFBA5-C31A-42A4-9E2D-4C2B72B14076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFC9FEB6-57F4-4150-97CC-B758DF16920D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCC04D3C-B6BE-4F18-8A96-5CA0A3CED861}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCE88CFC-2B9B-41C0-B0CF-BF62F85E6547}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E1EB6DF4-F88E-406A-B21C-CA48FB80F27E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E3BB4036-4E8E-41CD-9B62-8413AC582804}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{EEA3453B-C4AB-437F-8229-B32105E2A1F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1CF057E-8680-4F2B-8D6C-64931C091E9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0FC1E771-0FF6-4BBF-8F8D-697432945E84}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{5C25C975-4EC0-45B1-B7A9-E6C99D733C5D}C:\program files (x86)\netobjects\netobjects fusion 8\fusion.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netobjects\netobjects fusion 8\fusion.exe |
"UDP Query User{41ACDCD6-F528-4A4D-A4DC-002EB208AA60}C:\program files (x86)\netobjects\netobjects fusion 8\fusion.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netobjects\netobjects fusion 8\fusion.exe |
"UDP Query User{F55CED66-8E77-4A5B-A418-AEC5A2AF1F8E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6637-2606-7095-2085" = GLS UniConverter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{008CAA3A-8BFA-42BB-B73A-19A1B542763F}" = Lexware Elster
"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{57C75A9A-B032-46E9-A4AD-F760572066CA}" = Lexware anlagen scan 2010
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DCEF2E6-2692-436E-843C-FBB09E808C5B}" = GS ShopBuilder Pro Plus 11
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A6BFA02C-520F-4A42-B388-6FF807464DD6}" = NetObjects Fusion 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{E2E8C93B-9533-4C8C-9270-D98783BAC282}" = Lexware financial office premium 2013
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"FilesFrog Update Checker" = FilesFrog Update Checker
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UPS WorldShip" = UPS WorldShip
"VLC media player" = VLC media player 1.1.11
"WNLT" = IB Updater Service
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1831812534-1513340123-4198793270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Open It! - Zip Extractor Packages" = Open It! - Zip Extractor Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.06.2013 01:27:04 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 08.06.2013 02:54:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 08.06.2013 06:18:42 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.06.2013 00:11:39 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 10.06.2013 06:18:52 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 12c0 Startzeit: 01ce65c20508d562 Endzeit: 0 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 10.06.2013 06:38:55 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 11.06.2013 01:18:50 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 12.06.2013 00:59:44 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 12.06.2013 10:37:49 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iedit.exe, Version: 8.5.3.0, Zeitstempel:
0x40b1ac24 Name des fehlerhaften Moduls: ulibpng.dll, Version: 8.5.0.0, Zeitstempel:
0x3f4203d3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000365f ID des fehlerhaften Prozesses:
0x998 Startzeit der fehlerhaften Anwendung: 0x01ce677a643cf9c0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact
XL\ulibpng.dll Berichtskennung: a735dba5-d36d-11e2-a031-e0cb4eb58c70
Error - 12.06.2013 12:44:58 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 12.06.2013 13:38:47 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 08.02.2013 06:11:34 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.02.2013 06:20:58 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 255
seconds with 180 seconds of active time. This session ended with a crash.
Error - 08.02.2013 09:32:15 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 997
seconds with 600 seconds of active time. This session ended with a crash.
Error - 08.02.2013 09:33:04 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2013 06:09:34 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4004
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 21.02.2013 11:34:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27013
seconds with 6840 seconds of active time. This session ended with a crash.
Error - 21.03.2013 07:21:17 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12644
seconds with 1680 seconds of active time. This session ended with a crash.
Error - 10.04.2013 05:46:31 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 202
seconds with 180 seconds of active time. This session ended with a crash.
Error - 23.04.2013 04:10:46 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1957
seconds with 480 seconds of active time. This session ended with a crash.
Error - 08.05.2013 05:42:12 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 643
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11.06.2013 13:59:35 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 12.06.2013 00:58:07 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
Error - 12.06.2013 01:00:09 | Computer Name = *** | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.06.2013 01:00:09 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 12.06.2013 12:43:34 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
Error - 12.06.2013 12:45:39 | Computer Name = *** | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.06.2013 12:45:39 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 12.06.2013 13:37:24 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFS
Error - 12.06.2013 13:39:26 | Computer Name = *** | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 12.06.2013 13:39:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-12 20:48:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***G~1\AppData\Local\Temp\ugddypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1812] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2300] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[2520] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Windows\SysWOW64\jmdp\stij.exe[1284] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Windows\SysWOW64\jmdp\stij.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Windows\SysWOW64\jmdp\stij.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[3196] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe[3216] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Users\*****\AppData\Roaming\WebCake\WebCakeDesktop.exe[3224] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\UPS\WSTD\UPSNA1Msgr.exe[3296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\UPS\WSTD\UPSNA1Msgr.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\UPS\WSTD\UPSNA1Msgr.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3380] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3420] C:\Windows\syswow64\user32.DLL!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\UPS\WSTD\WSTDMessaging.exe[3580] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\UPS\WSTD\WSTDMessaging.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\UPS\WSTD\WSTDMessaging.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[3960] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007645cfca 5 bytes JMP 0000000175464970
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ce1465 2 bytes [CE, 75]
.text C:\Users\*****\Downloads\gmer_2.1.19163.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ce14bb 2 bytes [CE, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
Geändert von Mrs.Ju (12.06.2013 um 20:30 Uhr) |
|
12.06.2013, 20:22
| #2 |
| /// Malware-holic   | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
12.06.2013, 20:32
| #3 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, das ging aber schnell ... :-)
__________________hier der Inhalt TDSS Code:
ATTFilter 21:27:08.0900 4588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:27:09.0046 4588 ============================================================
21:27:09.0046 4588 Current date / time: 2013/06/12 21:27:09.0046
21:27:09.0046 4588 SystemInfo:
21:27:09.0046 4588
21:27:09.0046 4588 OS Version: 6.1.7601 ServicePack: 1.0
21:27:09.0046 4588 Product type: Workstation
21:27:09.0046 4588 ComputerName: JUTTA
21:27:09.0047 4588 UserName: Jutta Groß
21:27:09.0047 4588 Windows directory: C:\Windows
21:27:09.0047 4588 System windows directory: C:\Windows
21:27:09.0047 4588 Running under WOW64
21:27:09.0047 4588 Processor architecture: Intel x64
21:27:09.0047 4588 Number of processors: 2
21:27:09.0047 4588 Page size: 0x1000
21:27:09.0047 4588 Boot type: Normal boot
21:27:09.0047 4588 ============================================================
21:27:11.0463 4588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:27:17.0484 4588 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:17.0633 4588 ============================================================
21:27:17.0633 4588 \Device\Harddisk0\DR0:
21:27:17.0648 4588 MBR partitions:
21:27:17.0648 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:27:17.0648 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:27:17.0648 4588 \Device\Harddisk1\DR1:
21:27:17.0709 4588 MBR partitions:
21:27:17.0709 4588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1749E000
21:27:17.0709 4588 ============================================================
21:27:17.0730 4588 C: <-> \Device\Harddisk0\DR0\Partition2
21:27:17.0730 4588 D: <-> \Device\Harddisk1\DR1\Partition1
21:27:17.0787 4588 ============================================================
21:27:17.0787 4588 Initialize success
21:27:17.0787 4588 ============================================================
21:28:36.0198 5016 ============================================================
21:28:36.0198 5016 Scan started
21:28:36.0198 5016 Mode: Manual; SigCheck; TDLFS;
21:28:36.0198 5016 ============================================================
21:28:36.0732 5016 ================ Scan system memory ========================
21:28:36.0732 5016 System memory - ok
21:28:36.0733 5016 ================ Scan services =============================
21:28:36.0874 5016 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:28:37.0022 5016 1394ohci - ok
21:28:37.0041 5016 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:28:37.0058 5016 ACPI - ok
21:28:37.0068 5016 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:28:37.0125 5016 AcpiPmi - ok
21:28:37.0232 5016 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:37.0254 5016 AdobeARMservice - ok
21:28:37.0360 5016 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:37.0382 5016 AdobeFlashPlayerUpdateSvc - ok
21:28:37.0416 5016 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:28:37.0435 5016 adp94xx - ok
21:28:37.0451 5016 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:28:37.0468 5016 adpahci - ok
21:28:37.0486 5016 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:28:37.0501 5016 adpu320 - ok
21:28:37.0524 5016 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:28:37.0644 5016 AeLookupSvc - ok
21:28:37.0677 5016 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:28:37.0748 5016 AFD - ok
21:28:37.0753 5016 AFS - ok
21:28:37.0778 5016 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:28:37.0791 5016 agp440 - ok
21:28:37.0805 5016 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:28:37.0840 5016 ALG - ok
21:28:37.0853 5016 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:28:37.0865 5016 aliide - ok
21:28:37.0879 5016 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:28:37.0892 5016 amdide - ok
21:28:37.0903 5016 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:28:37.0924 5016 AmdK8 - ok
21:28:37.0940 5016 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:28:37.0982 5016 AmdPPM - ok
21:28:38.0010 5016 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:28:38.0032 5016 amdsata - ok
21:28:38.0045 5016 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:28:38.0070 5016 amdsbs - ok
21:28:38.0083 5016 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:28:38.0097 5016 amdxata - ok
21:28:38.0112 5016 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:28:38.0217 5016 AppID - ok
21:28:38.0241 5016 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:28:38.0306 5016 AppIDSvc - ok
21:28:38.0329 5016 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:28:38.0396 5016 Appinfo - ok
21:28:38.0419 5016 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:28:38.0486 5016 AppMgmt - ok
21:28:38.0500 5016 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:28:38.0516 5016 arc - ok
21:28:38.0526 5016 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:28:38.0553 5016 arcsas - ok
21:28:38.0699 5016 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:28:38.0756 5016 aspnet_state - ok
21:28:38.0770 5016 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:38.0824 5016 AsyncMac - ok
21:28:38.0840 5016 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:28:38.0851 5016 atapi - ok
21:28:38.0873 5016 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:38.0916 5016 AudioEndpointBuilder - ok
21:28:38.0925 5016 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:28:38.0967 5016 AudioSrv - ok
21:28:38.0982 5016 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:28:39.0054 5016 AxInstSV - ok
21:28:39.0092 5016 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:28:39.0154 5016 b06bdrv - ok
21:28:39.0165 5016 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:28:39.0204 5016 b57nd60a - ok
21:28:39.0228 5016 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:28:39.0283 5016 BDESVC - ok
21:28:39.0296 5016 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:28:39.0362 5016 Beep - ok
21:28:39.0382 5016 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:28:39.0428 5016 BFE - ok
21:28:39.0469 5016 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:28:39.0530 5016 BITS - ok
21:28:39.0542 5016 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:39.0563 5016 blbdrive - ok
21:28:39.0577 5016 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:28:39.0616 5016 bowser - ok
21:28:39.0627 5016 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:28:39.0676 5016 BrFiltLo - ok
21:28:39.0685 5016 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:28:39.0703 5016 BrFiltUp - ok
21:28:39.0734 5016 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:28:39.0803 5016 Browser - ok
21:28:39.0936 5016 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
21:28:39.0993 5016 BrowserDefendert - ok
21:28:40.0013 5016 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:28:40.0061 5016 Brserid - ok
21:28:40.0065 5016 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:40.0089 5016 BrSerWdm - ok
21:28:40.0093 5016 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:40.0112 5016 BrUsbMdm - ok
21:28:40.0116 5016 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:40.0139 5016 BrUsbSer - ok
21:28:40.0152 5016 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:28:40.0173 5016 BTHMODEM - ok
21:28:40.0194 5016 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:28:40.0225 5016 bthserv - ok
21:28:40.0240 5016 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:28:40.0291 5016 cdfs - ok
21:28:40.0303 5016 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:28:40.0333 5016 cdrom - ok
21:28:40.0349 5016 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:28:40.0388 5016 CertPropSvc - ok
21:28:40.0401 5016 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:28:40.0429 5016 circlass - ok
21:28:40.0445 5016 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:28:40.0462 5016 CLFS - ok
21:28:40.0497 5016 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:40.0509 5016 clr_optimization_v2.0.50727_32 - ok
21:28:40.0539 5016 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:28:40.0552 5016 clr_optimization_v2.0.50727_64 - ok
21:28:40.0590 5016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:40.0747 5016 clr_optimization_v4.0.30319_32 - ok
21:28:40.0765 5016 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:28:40.0806 5016 clr_optimization_v4.0.30319_64 - ok
21:28:40.0811 5016 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:28:40.0849 5016 CmBatt - ok
21:28:40.0862 5016 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:28:40.0874 5016 cmdide - ok
21:28:40.0906 5016 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
21:28:40.0965 5016 CNG - ok
21:28:40.0993 5016 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:28:41.0005 5016 Compbatt - ok
21:28:41.0012 5016 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:28:41.0036 5016 CompositeBus - ok
21:28:41.0039 5016 COMSysApp - ok
21:28:41.0050 5016 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:28:41.0063 5016 crcdisk - ok
21:28:41.0122 5016 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:28:41.0271 5016 CryptSvc - ok
21:28:41.0305 5016 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:28:41.0365 5016 CSC - ok
21:28:41.0389 5016 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:28:41.0427 5016 CscService - ok
21:28:41.0456 5016 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:28:41.0502 5016 DcomLaunch - ok
21:28:41.0522 5016 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:28:41.0556 5016 defragsvc - ok
21:28:41.0565 5016 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:28:41.0608 5016 DfsC - ok
21:28:41.0628 5016 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:28:41.0687 5016 Dhcp - ok
21:28:41.0703 5016 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:28:41.0740 5016 discache - ok
21:28:41.0759 5016 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:28:41.0771 5016 Disk - ok
21:28:41.0794 5016 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:28:41.0847 5016 dmvsc - ok
21:28:41.0868 5016 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:28:41.0920 5016 Dnscache - ok
21:28:41.0935 5016 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:28:41.0986 5016 dot3svc - ok
21:28:42.0014 5016 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:28:42.0050 5016 DPS - ok
21:28:42.0064 5016 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:28:42.0089 5016 drmkaud - ok
21:28:42.0131 5016 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:28:42.0158 5016 DXGKrnl - ok
21:28:42.0173 5016 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:28:42.0216 5016 EapHost - ok
21:28:42.0277 5016 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:28:42.0361 5016 ebdrv - ok
21:28:42.0391 5016 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:28:42.0448 5016 EFS - ok
21:28:42.0523 5016 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:28:42.0598 5016 ehRecvr - ok
21:28:42.0616 5016 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:28:42.0666 5016 ehSched - ok
21:28:42.0688 5016 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:28:42.0709 5016 elxstor - ok
21:28:42.0723 5016 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:28:42.0742 5016 ErrDev - ok
21:28:42.0768 5016 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:28:42.0809 5016 EventSystem - ok
21:28:42.0822 5016 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:42.0855 5016 exfat - ok
21:28:42.0880 5016 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:42.0924 5016 fastfat - ok
21:28:42.0943 5016 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:28:42.0995 5016 Fax - ok
21:28:43.0008 5016 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:28:43.0026 5016 fdc - ok
21:28:43.0038 5016 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:43.0081 5016 fdPHost - ok
21:28:43.0091 5016 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:43.0128 5016 FDResPub - ok
21:28:43.0145 5016 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:43.0158 5016 FileInfo - ok
21:28:43.0164 5016 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:43.0201 5016 Filetrace - ok
21:28:43.0223 5016 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:43.0236 5016 flpydisk - ok
21:28:43.0250 5016 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:43.0266 5016 FltMgr - ok
21:28:43.0323 5016 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:28:43.0406 5016 FontCache - ok
21:28:43.0454 5016 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:28:43.0473 5016 FontCache3.0.0.0 - ok
21:28:43.0484 5016 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:28:43.0498 5016 FsDepends - ok
21:28:43.0518 5016 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:43.0530 5016 Fs_Rec - ok
21:28:43.0562 5016 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:28:43.0603 5016 fvevol - ok
21:28:43.0622 5016 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:28:43.0634 5016 gagp30kx - ok
21:28:43.0673 5016 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:28:43.0720 5016 gpsvc - ok
21:28:43.0856 5016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:28:43.0875 5016 gupdate - ok
21:28:43.0906 5016 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:28:43.0922 5016 gupdatem - ok
21:28:43.0972 5016 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:28:43.0993 5016 gusvc - ok
21:28:44.0007 5016 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:28:44.0054 5016 hcw85cir - ok
21:28:44.0078 5016 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:44.0114 5016 HdAudAddService - ok
21:28:44.0130 5016 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:28:44.0154 5016 HDAudBus - ok
21:28:44.0164 5016 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:28:44.0194 5016 HidBatt - ok
21:28:44.0202 5016 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:28:44.0229 5016 HidBth - ok
21:28:44.0251 5016 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:28:44.0266 5016 HidIr - ok
21:28:44.0285 5016 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:28:44.0317 5016 hidserv - ok
21:28:44.0326 5016 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:28:44.0339 5016 HidUsb - ok
21:28:44.0357 5016 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:28:44.0395 5016 hkmsvc - ok
21:28:44.0414 5016 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:44.0449 5016 HomeGroupListener - ok
21:28:44.0471 5016 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:44.0497 5016 HomeGroupProvider - ok
21:28:44.0509 5016 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:28:44.0522 5016 HpSAMD - ok
21:28:44.0547 5016 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:28:44.0599 5016 HTTP - ok
21:28:44.0612 5016 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:28:44.0625 5016 hwpolicy - ok
21:28:44.0633 5016 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:28:44.0646 5016 i8042prt - ok
21:28:44.0669 5016 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:28:44.0687 5016 iaStorV - ok
21:28:44.0776 5016 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
21:28:44.0839 5016 IBUpdaterService - ok
21:28:44.0889 5016 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:28:44.0913 5016 idsvc - ok
21:28:44.0930 5016 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:28:44.0943 5016 iirsp - ok
21:28:44.0975 5016 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:28:45.0020 5016 IKEEXT - ok
21:28:45.0031 5016 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:28:45.0043 5016 intelide - ok
21:28:45.0051 5016 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:28:45.0075 5016 intelppm - ok
21:28:45.0085 5016 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:28:45.0126 5016 IPBusEnum - ok
21:28:45.0139 5016 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:45.0174 5016 IpFilterDriver - ok
21:28:45.0208 5016 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:28:45.0278 5016 iphlpsvc - ok
21:28:45.0289 5016 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:28:45.0307 5016 IPMIDRV - ok
21:28:45.0322 5016 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:28:45.0360 5016 IPNAT - ok
21:28:45.0373 5016 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:28:45.0402 5016 IRENUM - ok
21:28:45.0412 5016 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:28:45.0425 5016 isapnp - ok
21:28:45.0449 5016 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:28:45.0466 5016 iScsiPrt - ok
21:28:45.0479 5016 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:28:45.0491 5016 kbdclass - ok
21:28:45.0501 5016 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:28:45.0514 5016 kbdhid - ok
21:28:45.0529 5016 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:28:45.0541 5016 KeyIso - ok
21:28:45.0557 5016 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:28:45.0571 5016 KSecDD - ok
21:28:45.0599 5016 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:28:45.0613 5016 KSecPkg - ok
21:28:45.0627 5016 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:28:45.0671 5016 ksthunk - ok
21:28:45.0694 5016 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:28:45.0738 5016 KtmRm - ok
21:28:45.0764 5016 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:28:45.0810 5016 LanmanServer - ok
21:28:45.0825 5016 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:28:45.0857 5016 LanmanWorkstation - ok
21:28:45.0870 5016 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:28:45.0910 5016 lltdio - ok
21:28:45.0933 5016 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:28:46.0010 5016 lltdsvc - ok
21:28:46.0027 5016 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:28:46.0064 5016 lmhosts - ok
21:28:46.0083 5016 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:28:46.0097 5016 LSI_FC - ok
21:28:46.0123 5016 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:28:46.0137 5016 LSI_SAS - ok
21:28:46.0147 5016 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:28:46.0159 5016 LSI_SAS2 - ok
21:28:46.0177 5016 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:28:46.0190 5016 LSI_SCSI - ok
21:28:46.0202 5016 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:28:46.0245 5016 luafv - ok
21:28:46.0263 5016 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:28:46.0285 5016 Mcx2Svc - ok
21:28:46.0377 5016 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:28:46.0402 5016 MDM ( UnsignedFile.Multi.Generic ) - warning
21:28:46.0402 5016 MDM - detected UnsignedFile.Multi.Generic (1)
21:28:46.0420 5016 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:28:46.0441 5016 megasas - ok
21:28:46.0458 5016 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:28:46.0474 5016 MegaSR - ok
21:28:46.0495 5016 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:28:46.0555 5016 MMCSS - ok
21:28:46.0571 5016 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:28:46.0609 5016 Modem - ok
21:28:46.0635 5016 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:28:46.0660 5016 monitor - ok
21:28:46.0694 5016 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:28:46.0713 5016 mouclass - ok
21:28:46.0730 5016 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:28:46.0754 5016 mouhid - ok
21:28:46.0772 5016 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:28:46.0785 5016 mountmgr - ok
21:28:46.0817 5016 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:28:46.0846 5016 MpFilter - ok
21:28:46.0859 5016 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:28:46.0873 5016 mpio - ok
21:28:46.0889 5016 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:28:46.0920 5016 mpsdrv - ok
21:28:46.0938 5016 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:28:46.0990 5016 MpsSvc - ok
21:28:47.0018 5016 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:28:47.0076 5016 MRxDAV - ok
21:28:47.0107 5016 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:47.0146 5016 mrxsmb - ok
21:28:47.0161 5016 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:47.0190 5016 mrxsmb10 - ok
21:28:47.0206 5016 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:47.0220 5016 mrxsmb20 - ok
21:28:47.0234 5016 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:28:47.0247 5016 msahci - ok
21:28:47.0267 5016 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:28:47.0284 5016 msdsm - ok
21:28:47.0300 5016 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:28:47.0321 5016 MSDTC - ok
21:28:47.0337 5016 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:28:47.0374 5016 Msfs - ok
21:28:47.0388 5016 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:28:47.0429 5016 mshidkmdf - ok
21:28:47.0444 5016 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:28:47.0456 5016 msisadrv - ok
21:28:47.0487 5016 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:28:47.0527 5016 MSiSCSI - ok
21:28:47.0531 5016 msiserver - ok
21:28:47.0540 5016 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:28:47.0583 5016 MSKSSRV - ok
21:28:47.0653 5016 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:28:47.0676 5016 MsMpSvc - ok
21:28:47.0693 5016 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:47.0729 5016 MSPCLOCK - ok
21:28:47.0740 5016 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:28:47.0774 5016 MSPQM - ok
21:28:47.0799 5016 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:28:47.0816 5016 MsRPC - ok
21:28:47.0834 5016 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:28:47.0845 5016 mssmbios - ok
21:28:47.0858 5016 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:28:47.0888 5016 MSTEE - ok
21:28:47.0896 5016 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:28:47.0946 5016 MTConfig - ok
21:28:47.0965 5016 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:28:47.0981 5016 MTsensor - ok
21:28:47.0992 5016 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:28:48.0005 5016 Mup - ok
21:28:48.0036 5016 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:28:48.0081 5016 napagent - ok
21:28:48.0099 5016 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:28:48.0132 5016 NativeWifiP - ok
21:28:48.0168 5016 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:28:48.0223 5016 NDIS - ok
21:28:48.0238 5016 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:48.0269 5016 NdisCap - ok
21:28:48.0276 5016 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:48.0306 5016 NdisTapi - ok
21:28:48.0322 5016 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:48.0388 5016 Ndisuio - ok
21:28:48.0401 5016 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:48.0444 5016 NdisWan - ok
21:28:48.0454 5016 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:28:48.0492 5016 NDProxy - ok
21:28:48.0503 5016 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:28:48.0541 5016 NetBIOS - ok
21:28:48.0564 5016 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:28:48.0596 5016 NetBT - ok
21:28:48.0609 5016 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:28:48.0621 5016 Netlogon - ok
21:28:48.0653 5016 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:28:48.0717 5016 Netman - ok
21:28:48.0760 5016 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:48.0792 5016 NetMsmqActivator - ok
21:28:48.0797 5016 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:48.0808 5016 NetPipeActivator - ok
21:28:48.0823 5016 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:28:48.0867 5016 netprofm - ok
21:28:48.0876 5016 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:48.0887 5016 NetTcpActivator - ok
21:28:48.0891 5016 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:28:48.0902 5016 NetTcpPortSharing - ok
21:28:48.0913 5016 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:28:48.0926 5016 nfrd960 - ok
21:28:48.0957 5016 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:28:48.0972 5016 NisDrv - ok
21:28:49.0001 5016 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:28:49.0021 5016 NisSrv - ok
21:28:49.0035 5016 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:28:49.0060 5016 NlaSvc - ok
21:28:49.0081 5016 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:28:49.0111 5016 Npfs - ok
21:28:49.0133 5016 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:28:49.0174 5016 nsi - ok
21:28:49.0189 5016 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:28:49.0229 5016 nsiproxy - ok
21:28:49.0287 5016 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:28:49.0330 5016 Ntfs - ok
21:28:49.0353 5016 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:28:49.0391 5016 Null - ok
21:28:49.0571 5016 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:28:49.0784 5016 nvlddmkm - ok
21:28:49.0804 5016 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:28:49.0819 5016 nvraid - ok
21:28:49.0828 5016 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:28:49.0842 5016 nvstor - ok
21:28:49.0878 5016 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:28:49.0917 5016 nvsvc - ok
21:28:49.0977 5016 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:28:50.0012 5016 nvUpdatusService - ok
21:28:50.0026 5016 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:28:50.0039 5016 nv_agp - ok
21:28:50.0090 5016 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:28:50.0117 5016 odserv - ok
21:28:50.0137 5016 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:28:50.0161 5016 ohci1394 - ok
21:28:50.0211 5016 [ 9F7F6036149A1333018545283B7FF09E ] OKI OPHD DCS Loader C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE
21:28:50.0227 5016 OKI OPHD DCS Loader ( UnsignedFile.Multi.Generic ) - warning
21:28:50.0227 5016 OKI OPHD DCS Loader - detected UnsignedFile.Multi.Generic (1)
21:28:50.0245 5016 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:50.0266 5016 ose - ok
21:28:50.0302 5016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:28:50.0381 5016 p2pimsvc - ok
21:28:50.0414 5016 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:28:50.0443 5016 p2psvc - ok
21:28:50.0458 5016 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:28:50.0482 5016 Parport - ok
21:28:50.0509 5016 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:28:50.0522 5016 partmgr - ok
21:28:50.0531 5016 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:28:50.0550 5016 PcaSvc - ok
21:28:50.0567 5016 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:28:50.0582 5016 pci - ok
21:28:50.0598 5016 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:28:50.0610 5016 pciide - ok
21:28:50.0623 5016 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:28:50.0638 5016 pcmcia - ok
21:28:50.0654 5016 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:28:50.0666 5016 pcw - ok
21:28:50.0721 5016 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:28:50.0772 5016 PEAUTH - ok
21:28:50.0814 5016 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:28:50.0862 5016 PeerDistSvc - ok
21:28:50.0912 5016 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:28:50.0960 5016 PerfHost - ok
21:28:51.0009 5016 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:28:51.0076 5016 pla - ok
21:28:51.0107 5016 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:28:51.0169 5016 PlugPlay - ok
21:28:51.0179 5016 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:28:51.0203 5016 PNRPAutoReg - ok
21:28:51.0220 5016 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:28:51.0235 5016 PNRPsvc - ok
21:28:51.0262 5016 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:28:51.0304 5016 PolicyAgent - ok
21:28:51.0337 5016 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:28:51.0387 5016 Power - ok
21:28:51.0403 5016 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:28:51.0444 5016 PptpMiniport - ok
21:28:51.0453 5016 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:28:51.0481 5016 Processor - ok
21:28:51.0512 5016 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:28:51.0553 5016 ProfSvc - ok
21:28:51.0564 5016 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:28:51.0577 5016 ProtectedStorage - ok
21:28:51.0586 5016 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:28:51.0623 5016 Psched - ok
21:28:51.0660 5016 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:28:51.0696 5016 ql2300 - ok
21:28:51.0708 5016 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:28:51.0723 5016 ql40xx - ok
21:28:51.0753 5016 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:28:51.0773 5016 QWAVE - ok
21:28:51.0784 5016 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:28:51.0801 5016 QWAVEdrv - ok
21:28:51.0812 5016 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:28:51.0842 5016 RasAcd - ok
21:28:51.0866 5016 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:28:51.0907 5016 RasAgileVpn - ok
21:28:51.0920 5016 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:28:51.0961 5016 RasAuto - ok
21:28:51.0974 5016 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:52.0006 5016 Rasl2tp - ok
21:28:52.0023 5016 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:28:52.0064 5016 RasMan - ok
21:28:52.0079 5016 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:52.0120 5016 RasPppoe - ok
21:28:52.0137 5016 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:28:52.0168 5016 RasSstp - ok
21:28:52.0181 5016 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:28:52.0219 5016 rdbss - ok
21:28:52.0235 5016 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:28:52.0263 5016 rdpbus - ok
21:28:52.0279 5016 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:52.0315 5016 RDPCDD - ok
21:28:52.0341 5016 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:28:52.0372 5016 RDPDR - ok
21:28:52.0382 5016 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:28:52.0419 5016 RDPENCDD - ok
21:28:52.0430 5016 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:28:52.0460 5016 RDPREFMP - ok
21:28:52.0587 5016 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:28:52.0651 5016 RdpVideoMiniport - ok
21:28:52.0687 5016 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:28:52.0718 5016 RDPWD - ok
21:28:52.0733 5016 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:28:52.0748 5016 rdyboost - ok
21:28:52.0779 5016 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:28:52.0816 5016 RemoteAccess - ok
21:28:52.0843 5016 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:28:52.0883 5016 RemoteRegistry - ok
21:28:52.0900 5016 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:28:52.0932 5016 RpcEptMapper - ok
21:28:52.0939 5016 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:28:52.0959 5016 RpcLocator - ok
21:28:52.0972 5016 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:28:53.0007 5016 RpcSs - ok
21:28:53.0017 5016 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:28:53.0058 5016 rspndr - ok
21:28:53.0086 5016 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:28:53.0105 5016 RTL8167 - ok
21:28:53.0124 5016 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:28:53.0144 5016 s3cap - ok
21:28:53.0154 5016 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:28:53.0166 5016 SamSs - ok
21:28:53.0181 5016 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:28:53.0194 5016 sbp2port - ok
21:28:53.0216 5016 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:28:53.0263 5016 SCardSvr - ok
21:28:53.0288 5016 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:28:53.0326 5016 scfilter - ok
21:28:53.0351 5016 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:28:53.0406 5016 Schedule - ok
21:28:53.0429 5016 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:28:53.0460 5016 SCPolicySvc - ok
21:28:53.0480 5016 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:28:53.0520 5016 SDRSVC - ok
21:28:53.0536 5016 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:28:53.0577 5016 secdrv - ok
21:28:53.0589 5016 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:28:53.0643 5016 seclogon - ok
21:28:53.0659 5016 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:28:53.0700 5016 SENS - ok
21:28:53.0711 5016 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:28:53.0750 5016 SensrSvc - ok
21:28:53.0762 5016 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:28:53.0783 5016 Serenum - ok
21:28:53.0794 5016 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:28:53.0826 5016 Serial - ok
21:28:53.0840 5016 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:28:53.0858 5016 sermouse - ok
21:28:53.0875 5016 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:28:53.0913 5016 SessionEnv - ok
21:28:53.0925 5016 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:28:53.0940 5016 sffdisk - ok
21:28:53.0944 5016 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:28:53.0966 5016 sffp_mmc - ok
21:28:53.0978 5016 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:28:54.0002 5016 sffp_sd - ok
21:28:54.0015 5016 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:28:54.0037 5016 sfloppy - ok
21:28:54.0072 5016 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:28:54.0119 5016 SharedAccess - ok
21:28:54.0149 5016 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:28:54.0193 5016 ShellHWDetection - ok
21:28:54.0212 5016 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:28:54.0224 5016 SiSRaid2 - ok
21:28:54.0241 5016 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:28:54.0254 5016 SiSRaid4 - ok
21:28:54.0270 5016 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:28:54.0308 5016 Smb - ok
21:28:54.0329 5016 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:28:54.0365 5016 SNMPTRAP - ok
21:28:54.0381 5016 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:28:54.0393 5016 spldr - ok
21:28:54.0423 5016 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:28:54.0485 5016 Spooler - ok
21:28:54.0557 5016 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:28:54.0651 5016 sppsvc - ok
21:28:54.0676 5016 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:28:54.0709 5016 sppuinotify - ok
21:28:54.0739 5016 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:28:54.0769 5016 srv - ok
21:28:54.0789 5016 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:28:54.0823 5016 srv2 - ok
21:28:54.0834 5016 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:28:54.0848 5016 srvnet - ok
21:28:54.0872 5016 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:28:54.0905 5016 SSDPSRV - ok
21:28:54.0915 5016 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:28:54.0947 5016 SstpSvc - ok
21:28:55.0001 5016 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:28:55.0028 5016 Stereo Service - ok
21:28:55.0051 5016 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:28:55.0063 5016 stexstor - ok
21:28:55.0090 5016 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:28:55.0114 5016 stisvc - ok
21:28:55.0132 5016 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:28:55.0144 5016 storflt - ok
21:28:55.0168 5016 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:28:55.0205 5016 StorSvc - ok
21:28:55.0222 5016 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:28:55.0236 5016 storvsc - ok
21:28:55.0247 5016 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:28:55.0260 5016 swenum - ok
21:28:55.0280 5016 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:28:55.0318 5016 swprv - ok
21:28:55.0352 5016 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:28:55.0398 5016 SysMain - ok
21:28:55.0414 5016 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:28:55.0443 5016 TabletInputService - ok
21:28:55.0456 5016 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:28:55.0498 5016 TapiSrv - ok
21:28:55.0516 5016 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:28:55.0548 5016 TBS - ok
21:28:55.0599 5016 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:28:55.0642 5016 Tcpip - ok
21:28:55.0665 5016 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:28:55.0698 5016 TCPIP6 - ok
21:28:55.0737 5016 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:28:55.0749 5016 tcpipreg - ok
21:28:55.0767 5016 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:28:55.0800 5016 TDPIPE - ok
21:28:55.0828 5016 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:28:55.0849 5016 TDTCP - ok
21:28:55.0861 5016 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:28:55.0892 5016 tdx - ok
21:28:55.0903 5016 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:28:55.0916 5016 TermDD - ok
21:28:55.0936 5016 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:28:55.0975 5016 TermService - ok
21:28:55.0987 5016 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:28:56.0004 5016 Themes - ok
21:28:56.0025 5016 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:28:56.0056 5016 THREADORDER - ok
21:28:56.0069 5016 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:28:56.0109 5016 TrkWks - ok
21:28:56.0148 5016 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:28:56.0192 5016 TrustedInstaller - ok
21:28:56.0201 5016 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:56.0243 5016 tssecsrv - ok
21:28:56.0267 5016 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:28:56.0296 5016 TsUsbFlt - ok
21:28:56.0329 5016 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:28:56.0342 5016 TsUsbGD - ok
21:28:56.0417 5016 [ 286809293BC5AE5D6A1A381B53C72D1A ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
21:28:56.0466 5016 TuneUp.UtilitiesSvc - ok
21:28:56.0484 5016 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
21:28:56.0494 5016 TuneUpUtilitiesDrv - ok
21:28:56.0510 5016 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:28:56.0551 5016 tunnel - ok
21:28:56.0561 5016 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:28:56.0574 5016 uagp35 - ok
21:28:56.0596 5016 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:28:56.0637 5016 udfs - ok
21:28:56.0661 5016 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:28:56.0687 5016 UI0Detect - ok
21:28:56.0702 5016 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:28:56.0715 5016 uliagpkx - ok
21:28:56.0741 5016 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:28:56.0763 5016 umbus - ok
21:28:56.0771 5016 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:28:56.0787 5016 UmPass - ok
21:28:56.0809 5016 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:28:56.0835 5016 UmRdpService - ok
21:28:56.0854 5016 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:28:56.0895 5016 upnphost - ok
21:28:56.0926 5016 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:56.0970 5016 usbccgp - ok
21:28:56.0986 5016 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:28:57.0002 5016 usbcir - ok
21:28:57.0012 5016 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:28:57.0033 5016 usbehci - ok
21:28:57.0046 5016 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:28:57.0071 5016 usbhub - ok
21:28:57.0084 5016 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:28:57.0106 5016 usbohci - ok
21:28:57.0116 5016 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:28:57.0140 5016 usbprint - ok
21:28:57.0163 5016 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:28:57.0178 5016 usbscan - ok
21:28:57.0191 5016 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:57.0229 5016 USBSTOR - ok
21:28:57.0242 5016 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:28:57.0264 5016 usbuhci - ok
21:28:57.0296 5016 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:28:57.0354 5016 UxSms - ok
21:28:57.0380 5016 [ 594DF74EC1411592585D8FE8165D0816 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
21:28:57.0391 5016 UxTuneUp - ok
21:28:57.0410 5016 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:28:57.0423 5016 VaultSvc - ok
21:28:57.0433 5016 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:28:57.0446 5016 vdrvroot - ok
21:28:57.0465 5016 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:28:57.0515 5016 vds - ok
21:28:57.0535 5016 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:57.0557 5016 vga - ok
21:28:57.0567 5016 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:28:57.0598 5016 VgaSave - ok
21:28:57.0610 5016 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:28:57.0626 5016 vhdmp - ok
21:28:57.0635 5016 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:28:57.0648 5016 viaide - ok
21:28:57.0679 5016 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:28:57.0694 5016 vmbus - ok
21:28:57.0705 5016 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:28:57.0729 5016 VMBusHID - ok
21:28:57.0743 5016 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:28:57.0756 5016 volmgr - ok
21:28:57.0770 5016 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:28:57.0788 5016 volmgrx - ok
21:28:57.0799 5016 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:28:57.0816 5016 volsnap - ok
21:28:57.0834 5016 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:28:57.0848 5016 vsmraid - ok
21:28:57.0892 5016 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:28:57.0961 5016 VSS - ok
21:28:57.0974 5016 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:28:57.0996 5016 vwifibus - ok
21:28:58.0012 5016 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:28:58.0048 5016 W32Time - ok
21:28:58.0060 5016 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:28:58.0079 5016 WacomPen - ok
21:28:58.0092 5016 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:28:58.0129 5016 WANARP - ok
21:28:58.0133 5016 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:28:58.0162 5016 Wanarpv6 - ok
21:28:58.0201 5016 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:28:58.0243 5016 wbengine - ok
21:28:58.0262 5016 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:28:58.0283 5016 WbioSrvc - ok
21:28:58.0301 5016 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:28:58.0336 5016 wcncsvc - ok
21:28:58.0350 5016 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:28:58.0421 5016 WcsPlugInService - ok
21:28:58.0432 5016 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:28:58.0444 5016 Wd - ok
21:28:58.0478 5016 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:28:58.0511 5016 Wdf01000 - ok
21:28:58.0523 5016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:28:58.0590 5016 WdiServiceHost - ok
21:28:58.0596 5016 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:28:58.0618 5016 WdiSystemHost - ok
21:28:58.0657 5016 [ E89D463AB373CFACCCBB0645E9AE8154 ] WebCake Desktop Updater C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
21:28:58.0661 5016 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
21:28:58.0661 5016 WebCake Desktop Updater - detected UnsignedFile.Multi.Generic (1)
21:28:58.0674 5016 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:28:58.0703 5016 WebClient - ok
21:28:58.0719 5016 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:28:58.0765 5016 Wecsvc - ok
21:28:58.0780 5016 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:28:58.0823 5016 wercplsupport - ok
21:28:58.0834 5016 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:28:58.0866 5016 WerSvc - ok
21:28:58.0876 5016 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:58.0906 5016 WfpLwf - ok
21:28:58.0918 5016 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:28:58.0930 5016 WIMMount - ok
21:28:58.0949 5016 WinDefend - ok
21:28:58.0962 5016 WinHttpAutoProxySvc - ok
21:28:59.0012 5016 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:28:59.0059 5016 Winmgmt - ok
21:28:59.0119 5016 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:28:59.0179 5016 WinRM - ok
21:28:59.0231 5016 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:28:59.0245 5016 WinUsb - ok
21:28:59.0281 5016 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:28:59.0321 5016 Wlansvc - ok
21:28:59.0342 5016 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:28:59.0360 5016 WmiAcpi - ok
21:28:59.0375 5016 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:28:59.0404 5016 wmiApSrv - ok
21:28:59.0432 5016 WMPNetworkSvc - ok
21:28:59.0442 5016 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:28:59.0480 5016 WPCSvc - ok
21:28:59.0494 5016 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:28:59.0520 5016 WPDBusEnum - ok
21:28:59.0533 5016 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:28:59.0563 5016 ws2ifsl - ok
21:28:59.0572 5016 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:28:59.0601 5016 wscsvc - ok
21:28:59.0604 5016 WSearch - ok
21:28:59.0659 5016 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:28:59.0711 5016 wuauserv - ok
21:28:59.0746 5016 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:28:59.0812 5016 WudfPf - ok
21:28:59.0829 5016 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:59.0861 5016 WUDFRd - ok
21:28:59.0889 5016 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:28:59.0915 5016 wudfsvc - ok
21:28:59.0939 5016 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:28:59.0974 5016 WwanSvc - ok
21:28:59.0979 5016 ================ Scan global ===============================
21:29:00.0048 5016 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:29:00.0078 5016 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:29:00.0097 5016 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:29:00.0125 5016 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:29:00.0147 5016 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:29:00.0153 5016 [Global] - ok
21:29:00.0154 5016 ================ Scan MBR ==================================
21:29:00.0164 5016 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:29:00.0326 5016 \Device\Harddisk0\DR0 - ok
21:29:00.0330 5016 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
21:29:00.0381 5016 \Device\Harddisk1\DR1 - ok
21:29:00.0382 5016 ================ Scan VBR ==================================
21:29:00.0385 5016 [ F4005DE19FE2B937B1209F25B77F40CA ] \Device\Harddisk0\DR0\Partition1
21:29:00.0387 5016 \Device\Harddisk0\DR0\Partition1 - ok
21:29:00.0416 5016 [ BEC6B774BA4C9C608BAC1E5D96F1D9FA ] \Device\Harddisk0\DR0\Partition2
21:29:00.0417 5016 \Device\Harddisk0\DR0\Partition2 - ok
21:29:00.0421 5016 [ 31B377D3D30C71E3BAE8E52D190D7F91 ] \Device\Harddisk1\DR1\Partition1
21:29:00.0423 5016 \Device\Harddisk1\DR1\Partition1 - ok
21:29:00.0424 5016 ============================================================
21:29:00.0424 5016 Scan finished
21:29:00.0424 5016 ============================================================
21:29:00.0437 4360 Detected object count: 3
21:29:00.0437 4360 Actual detected object count: 3
21:29:19.0827 4360 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:19.0828 4360 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:19.0829 4360 OKI OPHD DCS Loader ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:19.0830 4360 OKI OPHD DCS Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:19.0831 4360 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:29:19.0831 4360 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:29:28.0406 4988 Deinitialize success
|
|
12.06.2013, 20:40
| #4 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 08:27
| #5 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, hier nun die Combofix - Datei: Zur Information: Es ist alles problemlos durchgelaufen. Nach dem Neustart kam die Fehlermeldung: "Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde" - Hier habe ich, wie angegeben, den Rechner neu gestartet, danach war alles in Ordnung. Viele Grüße Mrs.Ju Code:
ATTFilter ComboFix 13-06-12.02 - *** *** 13.06.2013 9:04.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.860 [GMT 2:00]
ausgeführt von:: c:\users\*** Gro¯\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*** ***\GoToAssistDownloadHelper.exe
c:\users\Public\AlexaNSISPlugin.4692.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-13 bis 2013-06-13 ))))))))))))))))))))))))))))))
.
.
2013-06-12 17:20 . 2013-06-12 17:20 -------- d-----w- c:\users\*** ***\AppData\Roaming\WebCake
2013-06-12 17:20 . 2013-06-12 17:20 -------- d-----w- c:\program files (x86)\WebCake
2013-06-12 17:20 . 2013-06-12 17:20 -------- d-----w- c:\users\*** ***\AppData\Roaming\Open It! - Zip Extractor Packages
2013-06-12 17:20 . 2013-06-12 17:20 -------- d-----w- c:\users\*** ***\AppData\Roaming\DSite
2013-06-12 17:20 . 2013-06-12 17:20 -------- d-----w- c:\programdata\Tarma Installer
2013-06-12 17:03 . 2013-06-12 17:23 -------- d-----w- c:\program files (x86)\Amazon
2013-06-12 17:03 . 2013-06-12 17:25 -------- d-----w- c:\users\*** ***\AppData\Roaming\Systweak
2013-06-12 17:03 . 2013-02-28 14:27 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-06-12 17:01 . 2013-06-12 17:01 -------- d-----w- c:\users\*** ***\AppData\Local\Programs
2013-06-12 16:55 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBC582EB-E325-422F-93F1-EB6B1D5C5F4C}\mpengine.dll
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\windows\SysWow64\Extensions
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\programdata\BrowserDefender
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\users\*** ***\AppData\Roaming\BabSolution
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\program files (x86)\Delta
2013-06-12 16:51 . 2013-06-12 16:51 -------- d-----w- c:\users\*** ***\AppData\Roaming\Delta
2013-06-12 16:50 . 2013-06-12 16:50 -------- d-----w- c:\program files (x86)\FilesFrog Update Checker
2013-06-12 05:05 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 05:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 05:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 05:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 05:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 05:27 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-06 12:29 . 2013-06-06 20:22 -------- d-----w- c:\users\*** ***\AppData\Roaming\Skype
2013-06-06 12:29 . 2013-06-06 20:22 -------- d-----w- c:\programdata\Skype
2013-06-05 13:23 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-06-05 13:23 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-06-05 13:23 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-06-05 13:23 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-06-05 13:23 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-06-05 13:23 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-06-05 13:23 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-06-05 13:23 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-06-05 13:23 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-06-05 04:45 . 2013-06-05 04:46 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-05 04:45 . 2013-06-05 04:45 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-05 04:45 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-05 04:45 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-05 04:45 . 2013-02-05 07:25 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-05 04:45 . 2013-02-05 07:25 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-06-05 04:45 . 2013-06-05 13:15 -------- d-----w- c:\windows\SysWow64\WNLT
2013-05-21 09:10 . 2013-05-21 09:10 4959800 ----a-w- c:\windows\SysWow64\LxXtreme110.dll
2013-05-21 09:10 . 2013-05-21 09:10 104504 ----a-w- c:\windows\SysWow64\LxUISettingsN100.dll
2013-05-21 09:10 . 2013-05-21 09:10 26168 ----a-w- c:\windows\SysWow64\LxTPSW100.dll
2013-05-21 09:10 . 2013-05-21 09:10 1362488 ----a-w- c:\windows\SysWow64\LxTool111.dll
2013-05-21 09:10 . 2013-05-21 09:10 63544 ----a-w- c:\windows\SysWow64\LxPXTree100.dll
2013-05-21 09:10 . 2013-05-21 09:10 127544 ----a-w- c:\windows\SysWow64\LxMail100.dll
2013-05-21 09:10 . 2013-05-21 09:10 49720 ----a-w- c:\windows\SysWow64\LXCurr100.dll
2013-05-21 09:10 . 2013-05-21 09:10 68152 ----a-w- c:\windows\SysWow64\LxCI12.dll
2013-05-21 09:10 . 2013-05-21 09:10 207928 ----a-w- c:\windows\SysWow64\LxBasics100.dll
2013-05-21 04:31 . 2013-05-21 04:31 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C054F3B5-DD62-4996-B67F-40D77ADE61EE}\gapaengine.dll
2013-05-20 19:14 . 2013-05-20 19:14 49720 ----a-w- c:\windows\SysWow64\FKStampPainter20.dll
2013-05-15 05:28 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 05:28 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 05:28 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 05:27 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 05:27 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 05:27 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 05:27 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 05:27 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 05:27 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 05:27 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 05:27 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 05:27 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-14 17:52 . 2013-05-14 18:12 -------- d-----w- c:\users\*** ***\Eigene Routen
2013-05-14 17:52 . 2013-05-14 18:16 -------- d-----w- c:\users\*** ***\.hgt
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:44 . 2011-11-04 18:04 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 07:56 . 2012-04-16 04:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 07:56 . 2011-11-04 17:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 05:32 . 2012-02-13 06:38 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-15 05:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 05:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 05:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 05:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 05:28 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 05:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:27 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-26 17:18 . 2013-03-26 17:19 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 17:18 . 2012-06-06 08:10 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-26 17:18 . 2011-11-04 17:48 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-21 14:29 . 2013-03-21 14:29 139320 ----a-w- c:\windows\SysWow64\LXReportManage.ocx
2013-03-21 14:29 . 2013-03-21 14:29 74808 ----a-w- c:\windows\SysWow64\LxDNTvm100.dll
2013-03-21 14:29 . 2013-03-21 14:29 207928 ----a-w- c:\windows\SysWow64\LXPrnUtil10.dll
2013-03-21 14:29 . 2013-03-21 14:29 138808 ----a-w- c:\windows\SysWow64\LxDNTvmc100.dll
2013-03-21 14:29 . 2013-03-21 14:29 319032 ----a-w- c:\windows\SysWow64\LxDNT100.dll
2013-03-19 06:04 . 2013-04-10 09:54 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:54 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:54 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:54 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:54 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-18 14:44 . 2013-03-18 14:44 1361464 ----a-w- c:\windows\SysWow64\LxTool110.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-06-07 20:55 197912 ----a-w- c:\program files (x86)\WebCake\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChromeFrameHelper"="c:\users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe" [2013-05-29 82896]
"SDP"="c:\program files (x86)\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
"WebCake Desktop"="c:\users\*** ***\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-12-09 24576]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2010-12-9 422912]
UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2010-12-9 34304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\OPHDLDCS.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 07:56]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-18 08:53]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-18 08:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=22CCE0CB4EB58C70
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.0.43.113 217.0.43.97
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\jmdp\stij.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-13 09:16:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-13 07:16
.
Vor Suchlauf: 10 Verzeichnis(se), 430.277.382.144 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 429.747.781.632 Bytes frei
.
- - End Of File - - A9D0E7810D4C75342CE4AF4C760550AF
A36C5E4F47E84449FF07ED3517B43A31
|
|
13.06.2013, 11:10
| #6 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? |
|
13.06.2013, 15:06
| #7 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, so, das wäre auch geschafft ... dauert bei mir leider ein wenig länger, da ich nicht permanent dranbleiben kann. hier das Logfile aus Malwarebytes Anti-Malware es wurde 1 Datei gefunden, die ich entfernt habe. Lg Mrs.Ju Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.13.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16614 Jutta Groß :: JUTTA [Administrator] Schutz: Aktiviert 13.06.2013 14:59:59 mbam-log-2013-06-13 (14-59-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 430289 Laufzeit: 1 Stunde(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Noch eine Info: Nach der Entfernung der gefundenen Datei war (lt. Malwarebytes) ein Neustart erforderlich ... noch konnten wir den Bösewicht nicht ins Aus befördern, aber ich bin guter Dinge  Lg Mrs.Ju |
|
13.06.2013, 18:28
| #8 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 07:34
| #9 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, hier nun die Liste mit den Programmen. Nochmals vielen Dank, dass Sie sich solche Mühe machen. Lg Mrs.Ju Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 05.11.2011 12.0.6612.1000 notwendig
Adobe AIR Adobe Systems Incorporated 04.11.2011 3.0.0.4080 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 notwendig
Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 16.05.2013 133MB 11.0.03 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 04.11.2011 11.6.1.629 unbekannt
BrowserDefender Bit89 Inc 12.06.2013 unbekannt
Bundled software uninstaller 12.06.2013 unbekannt
CCleaner Piriform 24.05.2013 4.02 notwendig
CDBurnerXP CDBurnerXP 04.11.2011 19,0MB 4.3.9.2762 notwendig
CuteFTP 8 Home GlobalSCAPE 22.11.2011 8.3.4 notwendig
dakota.ag ITSG 21.12.2012 5.2.0.8 notwendig
Delta Chrome Toolbar Visual Tools 12.06.2013 unnötig
Delta toolbar Delta 12.06.2013 1.8.21.5 unnötig
FilesFrog Update Checker 12.06.2013 unbekannt
GLS UniConverter GLS IT Services GmbH 13.08.2012 notwendig
Google Chrome Google Inc. 27.12.2011 27.0.1453.110 notwendig
Google Chrome Frame Google Inc. 19.06.2012 27.0.1453.110 unbekannt
Google Earth Google 27.03.2013 173MB 7.0.3.8542 unnötig
GS ShopBuilder Pro Plus 11 GS Software AG 05.11.2011 11.0.0 notwendig
HP Photo and Imaging 2.2 - Scanjet 3970 Series {&Tahoma8}Hewlett-Packard 29.11.2011 110MB 2.2.0000 notwendig
HP Speicher-Disc Hewlett-Packard Company 29.11.2011 22,6MB 1.0.4.805 notwendig
IB Updater Service 05.06.2013 3.0.5.4 unbekannt
ICCHelp UPS 04.11.2011 0,99MB 1.0.0.2 unbekannt
Internet Explorer Toolbar 4.6 by SweetPacks SweetIM Technologies Ltd. 31.08.2012 4,27MB 4.6.0004 notwendig
Java 7 Update 17 Oracle 26.03.2013 129MB 7.0.170 notwendig
Java(TM) 6 Update 30 Oracle 09.07.2012 97,3MB 6.0.300 notwendig (? oder reicht das neueste Update )
JavaFX 2.1.1 Oracle Corporation 26.06.2012 20,8MB 2.1.1 unbekannt
Lexware anlagen scan 2010 Lexware GmbH & Co. KG 05.04.2012 38,7MB 1.00.00.0056 notwendig
Lexware Elster Haufe-Lexware GmbH & Co.KG 07.06.2013 106MB 13.11.00.0034 notwendig
Lexware financial office premium 2013 Haufe-Lexware GmbH Co.KG 10.06.2013 1,28GB 13.50.00.0308 notwendig
Lexware Info Service Haufe-Lexware GmbH & Co.KG 21.12.2012 12,3MB 2.90.00.0009 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 13.06.2013 19,2MB 1.75.0.1300 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.11.2011 38,8MB 4.0.30319 unbekannt (wir benötigen alles für Windows 7 professional - was genau von Microsoft erforderlich ist, weiß ich nicht - ich setzte alles auf unbekannt, mit fällt noch ein, dass LEXWARE dieses "Framework" benötigt)
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.05.2012 2,93MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 02.05.2012 51,9MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 02.05.2012 10,6MB 4.0.30319 unbekannt
Microsoft Office File Validation Add-In Microsoft Corporation 05.11.2011 7,95MB 14.0.5130.5003 unbekannt
Microsoft Office Live Add-in 1.5 Microsoft Corporation 26.04.2012 508KB 2.0.4024.1 unbekannt
Microsoft Security Essentials Microsoft Corporation 25.02.2013 4.2.223.1 notwendig
Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 04.11.2011 298KB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 21.12.2012 234KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.12.2011 588KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.12.2011 594KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.12.2011 15,0MB 10.0.40219 unbekannt
Microsoft WSE 3.0 Runtime Microsoft Corp. 04.11.2011 942KB 3.0.5305.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.11.2011 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.11.2011 1,33MB 4.20.9876.0 unbekannt
NetObjects Fusion 8 04.11.2011 8 notwendig
Notepad++ 04.11.2011 5.9.6 notwendig
NVIDIA 3D Vision Treiber 311.06 NVIDIA Corporation 13.04.2013 311.06 notwendig
NVIDIA Grafiktreiber 311.06 NVIDIA Corporation 13.04.2013 311.06 notwendig
NVIDIA Update 1.11.3 NVIDIA Corporation 13.04.2013 1.11.3 notwendig
Open It! - Zip Extractor Packages 12.06.2013 unbekannt
Paint.NET v3.5.10 dotPDN LLC 04.11.2011 10,7MB 3.60.0 unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 04.11.2011 1.2.3 notwendig
RENESIS® Player Browser Plugins examotion® GmbH 05.04.2012 1,83MB 1.1.1 unbekannt
SweetIM for Messenger 3.7 SweetIM Technologies Ltd. 31.08.2012 4,93MB 3.7.0005 unbekannt
TuneUp Utilities 2011 TuneUp Software 27.12.2011 10.0.4500.49 notwendig
Ulead PhotoImpact XL Ulead System 05.11.2011 8.5 notwendig
Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 31.08.2012 2,76MB 1.1.0008 unbekannt
UPS WorldShip UPS 04.11.2011 14.0 notwendig
VLC media player 1.1.11 VideoLAN 04.11.2011 1.1.11 notwendig
WebCake 3.00 WebCake LLC 12.06.2013 1,42MB 3.00 unbekannt
WebHelp UPS 04.11.2011 1.00.0000 unbekannt
WinRAR 4.00 (64-Bit) win.rar GmbH 04.11.2011 4.00.0 notwendig
|
|
14.06.2013, 11:20
| #10 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? bHi, allgemein: Software nur vom hersteller laden, benutzerdefiniert instalieren, toolbars, und drittanbieter abwählen, evtl. via kurzer Google suche informieren ob sie was zusätzliches instaliert bzw in den AGB's deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Adobe Shockwave BrowserDefender Bundled Delta : beide FilesFrog Google Earth IB Updater Internet Explorer Toolbar : bitte auch weg damit, keine Toolbars nutzen. Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Paint.NET SweetIM TuneUp : bitte verzichte auf "tuning" software, sie bringt fast nie messbare Verbesserungen und einige Funktionen können dem System schaden. Update Manager WebCake WebHelp UPS Öffne bitte CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 13:48
| #11 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallo, da bin ich wieder. habe alles brav nach Anweisung gelöscht. Einziger "Zwischenfall" JAVA meldet zwar "erfolgreich installiert" aber dann öffnete sich ein Fenster mit "Browser Launch Error3" Für mich sieht es aber so aus, als ob alles installiert ist. Dann der mit Spannung erwartete Neustart ... und siehe da: NIX wssetup ist WEG ... ich hatte mich schon fast daran gewöhnt   Hier die Zusammenfassung aus AdwCleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 14/06/2013 um 14:29:53 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\******\Downloads\Trojaner Board\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5948d8ae63abd14
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v27.0.1453.110
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [6737 octets] - [14/06/2013 14:29:53]
########## EOF - C:\AdwCleaner[S1].txt - [6797 octets] ##########
Geändert von Mrs.Ju (14.06.2013 um 13:54 Uhr) |
|
14.06.2013, 13:50
| #12 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Na, wir könnens auch wiederherstellen, nicht das du am WE weinend vor dem PC sitzt? lade mal bitte Hitmanpro: HitmanPro - Download - Filepony Doppelklick, Scan klicken. Nichts löschen, weiter klicken. Log speichern, und posten, bzw als xml exportieren, packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 14:04
| #13 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Ja, darüber habe ich gar nicht nachgedacht  das wird ja sicher ganz schön langweilig. Aber Spaß beiseite  HitmanPro läuft ... hier das Ergebnis: Code:
ATTFilter
... irgendwas Gutes für Dummies, die nicht viel Ahnung haben. Was mich auch interessieren würde, wo kommt der Virus eigentlich her? Was bezweckt er ? |
|
14.06.2013, 14:36
| #14 |
| /// Malware-holic | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hi, 1. lösch mal alle Hitmanpro funde, starte neu, poste ein neues OTL Log. 2. Absicherung kommt nach diesem OTL Log. 3. bitte nur Programme vom Hersteller laden, benutzerdefiniert instalieren, drittanbietersoftware und toolbars abwählen. agbs lesen bzw google befragen ob die zu instalierene software adware enthält, daher kommt dein Problem wohl.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.06.2013, 16:41
| #15 |
| | Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? Hallihallo hier das OTL Logfile Code:
ATTFilter OTL logfile created on: 14.06.2013 16:02:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*** ***\Downloads\Trojaner Board 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 38,73% Memory free 4,00 Gb Paging File | 2,41 Gb Available in Paging File | 60,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 398,57 Gb Free Space | 85,59% Space Free | Partition Type: NTFS Drive D: | 186,31 Gb Total Space | 146,23 Gb Free Space | 78,49% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*** ***\Downloads\Trojaner Board\OTL.exe (OldTimer Tools) PRC - C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\UPS\WSTD\WSTDMessaging.exe () PRC - C:\UPS\WSTD\UPSNA1Msgr.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\PROGRA~2\MIF5BA~1\Office12\ADDINS\UMOUTL~1.DLL () MOD - C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll () MOD - C:\UPS\WSTD\WSTDMessaging.exe () MOD - C:\UPS\WSTD\UPSNA1Msgr.exe () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll () MOD - C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll () MOD - C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll () MOD - C:\UPS\WSTD\UPSResourceManager.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\PROGRA~2\MIF5BA~1\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (OKI OPHD DCS Loader) -- C:\Windows\SysNative\spool\drivers\x64\3\OPHDLDCS.EXE (Oki Data Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (HitmanProScheduler) -- C:\Programme\HitmanPro\hmpsched.exe (SurfRight B.V.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (OKI OPHD DCS Loader) -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE (Oki Data Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 81 3A 7C 21 9B CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{86456CA8-4477-49FB-A649-900FD117BDD4}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F361C762-0E8E-4508-B8A9-267353163E58&apn_sauid=0738B553-CF2D-4B03-9126-0ED878A380CF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*** ***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*** ***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2012.01.20 14:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.04 19:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\*** Gro\u00DF\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*** Gro\u00DF\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*** Gro\u00DF\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Google Update (Enabled) = C:\Users\*** Gro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.06.13 09:12:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe () O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) O4 - HKCU..\Run: [ChromeFrameHelper] C:\Users\*** ***\AppData\Local\Google\Chrome\Application\27.0.1453.110\chrome_frame_helper.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.113 217.0.43.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F7698C4-D9DB-47BE-82BC-DD7E8C1C534C}: DhcpNameServer = 217.0.43.113 217.0.43.97 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserdefender.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.14 15:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.06.14 14:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.06.14 13:53:50 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.06.14 13:53:50 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.06.14 13:53:50 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.14 13:53:46 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.14 13:53:46 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.14 13:53:46 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.14 13:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.06.14 13:49:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.14 13:42:20 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.14 13:42:20 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.14 08:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.14 08:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.13 14:58:16 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Malwarebytes [2013.06.13 14:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.13 14:58:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.13 14:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.13 14:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.13 09:16:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.13 09:12:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.13 09:02:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.13 09:02:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.13 09:02:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.13 08:53:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.13 08:52:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.12 20:23:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.06.12 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Open It! - Zip Extractor Packages [2013.06.12 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.06.12 19:03:13 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Systweak [2013.06.12 19:03:12 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013.06.12 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Local\Programs [2013.06.12 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.06.12 18:51:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.06.12 18:51:22 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Local Settings [2013.06.12 16:44:05 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.12 16:44:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.12 16:44:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.12 16:44:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.12 16:44:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.12 16:44:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.12 16:44:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 16:44:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.12 16:44:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.12 16:44:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.12 16:44:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.12 16:44:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 16:44:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 16:44:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 16:44:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 07:05:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 07:05:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 07:05:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 07:05:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 07:04:58 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 07:04:54 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 07:04:54 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 07:04:54 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 07:04:53 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 07:04:53 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 07:04:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 07:04:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 07:04:45 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.06 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Skype [2013.06.06 14:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.06.05 15:24:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.06.05 15:24:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.06.05 15:24:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.06.05 15:24:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.06.05 15:24:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.06.05 15:24:40 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.06.05 15:24:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.06.05 15:24:37 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.06.05 15:24:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.06.05 15:24:37 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.06.05 15:24:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.06.05 15:24:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.06.05 15:24:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.06.05 15:24:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.06.05 15:24:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.06.05 15:24:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.06.05 15:24:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.06.05 15:24:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.06.05 15:24:36 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.06.05 15:24:36 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.06.05 15:24:36 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.06.05 15:24:36 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.06.05 15:24:35 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.06.05 15:24:34 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.06.05 15:24:34 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.06.05 15:23:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.06.05 15:23:47 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.06.05 15:23:46 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.06.05 15:13:12 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.06.05 15:13:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.06.05 15:13:12 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.06.05 15:13:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.06.05 15:13:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.06.05 15:13:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.06.05 15:13:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.06.05 15:13:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.06.05 15:13:12 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.05 15:13:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.06.05 15:13:11 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.05 15:13:11 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.06.05 15:13:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.06.05 15:13:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.06.05 15:13:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.06.05 15:13:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.06.05 15:13:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.06.05 15:13:10 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.05 15:13:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.06.05 15:13:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.06.05 15:13:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.06.05 15:13:10 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.06.05 15:13:10 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.06.05 15:13:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.06.05 15:13:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.06.05 15:13:10 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.06.05 15:13:10 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.05 15:13:10 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.06.05 15:13:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.06.05 15:13:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.06.05 15:13:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.06.05 15:13:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.06.05 15:13:09 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.05 15:13:09 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.06.05 15:13:09 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.05 15:13:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.05 15:13:09 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.05 15:13:09 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.06.05 15:13:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.06.05 15:13:09 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.06.05 15:13:09 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.06.05 15:13:09 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.06.05 15:13:09 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.06.05 15:13:09 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.05 15:13:09 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.06.05 15:13:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.06.05 15:13:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.06.05 15:13:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.06.05 15:13:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.06.05 15:13:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.06.05 15:13:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.06.05 15:13:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.06.05 15:13:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.06.05 06:45:58 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.06.05 06:45:58 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013.05.21 11:10:32 | 004,959,800 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.05.21 11:10:30 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.05.21 11:10:28 | 001,362,488 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool111.dll [2013.05.21 11:10:28 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.05.21 11:10:26 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.05.21 11:10:24 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.05.21 11:10:16 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.05.21 11:10:12 | 000,207,928 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll [2013.05.21 11:10:12 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.05.20 21:14:44 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\FKStampPainter20.dll ========== Files - Modified Within 30 Days ========== [2013.06.14 15:18:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.14 14:39:01 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 14:39:01 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.14 14:32:04 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.14 14:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.14 14:31:39 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 14:01:45 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.14 14:01:45 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.14 13:53:39 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.14 13:53:37 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.14 13:53:37 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.14 13:53:37 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.14 13:53:36 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.06.14 13:53:36 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.06.14 13:42:20 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.14 13:42:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.13 14:48:03 | 000,000,050 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Opusbext.dat [2013.06.13 09:12:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.12 20:06:53 | 000,000,000 | ---- | M] () -- C:\Users\*** ***\defogger_reenable [2013.06.11 17:22:17 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2013.06.05 15:13:12 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.06.05 15:13:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.06.05 15:13:12 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.06.05 15:13:12 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.06.05 15:13:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.06.05 15:13:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.06.05 15:13:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.06.05 15:13:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.06.05 15:13:12 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.05 15:13:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.06.05 15:13:11 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.05 15:13:11 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.06.05 15:13:11 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.06.05 15:13:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.06.05 15:13:11 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.06.05 15:13:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.06.05 15:13:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.06.05 15:13:11 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.06.05 15:13:10 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.05 15:13:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.06.05 15:13:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.06.05 15:13:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.06.05 15:13:10 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.06.05 15:13:10 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.06.05 15:13:10 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.06.05 15:13:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.06.05 15:13:10 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.06.05 15:13:10 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.05 15:13:10 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.06.05 15:13:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.06.05 15:13:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.06.05 15:13:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.06.05 15:13:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:13:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.06.05 15:13:09 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.05 15:13:09 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.06.05 15:13:09 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.05 15:13:09 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.05 15:13:09 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.05 15:13:09 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.06.05 15:13:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.06.05 15:13:09 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.06.05 15:13:09 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.06.05 15:13:09 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.06.05 15:13:09 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.06.05 15:13:09 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.05 15:13:09 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.06.05 15:13:09 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.06.05 15:13:09 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.06.05 15:13:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.06.05 15:13:09 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.06.05 15:13:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.05 15:13:09 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.06.05 15:13:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.06.05 15:13:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.06.04 06:55:21 | 000,383,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.29 15:43:15 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.29 15:43:15 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.29 15:43:15 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.29 15:43:15 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.29 15:43:15 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.21 11:10:32 | 004,959,800 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.05.21 11:10:30 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.05.21 11:10:28 | 001,362,488 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool111.dll [2013.05.21 11:10:28 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.05.21 11:10:26 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.05.21 11:10:24 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.05.21 11:10:16 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.05.21 11:10:12 | 000,207,928 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll [2013.05.21 11:10:12 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.05.20 21:14:44 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\FKStampPainter20.dll [2013.05.18 09:56:36 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit.INI [2013.05.17 03:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 03:25:26 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.17 02:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 02:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 02:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 02:58:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 02:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.17 02:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.17 02:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll ========== Files Created - No Company Name ========== [2013.06.13 09:02:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.13 09:02:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.13 09:02:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.13 09:02:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.13 09:02:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.12 20:06:53 | 000,000,000 | ---- | C] () -- C:\Users\*** ***\defogger_reenable [2013.06.05 15:13:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:13:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.21 16:29:42 | 000,207,928 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2013.03.21 16:29:42 | 000,138,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2013.03.21 16:29:42 | 000,074,808 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2013.03.21 16:29:40 | 000,319,032 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.05.02 11:13:44 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.12.15 10:10:04 | 000,000,079 | ---- | C] () -- C:\Windows\GSSBProPlus.INI [2011.11.17 07:54:30 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2011.11.14 12:28:58 | 000,000,050 | ---- | C] () -- C:\Users\*** ***\AppData\Roaming\Opusbext.dat [2011.11.12 16:19:56 | 000,000,042 | -H-- | C] () -- C:\Windows\SysWow64\_sbkzcu.dat [2011.11.05 13:59:52 | 000,004,008 | ---- | C] () -- C:\Windows\ULEAD32.INI [2011.11.04 20:18:40 | 000,000,160 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI [2011.11.04 20:18:38 | 000,001,076 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.04 19:55:57 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.04 19:49:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
| Themen zu Fenster mit wssetup.exe Perion Ltd. geht nach dem Hochfahren auf und ich soll installieren ? |
| adobe, adobe reader xi, anlage, autorun, bho, browserdefendert, delta chrome toolbar, error, explorer, firefox, flash player, format, google, helper.exe, homepage, iexplore.exe, install.exe, logfile, msiexec.exe, neustart, nvidia, object, plug-in, realtek, registry, rundll, scan, security, software, somoto, svchost.exe, tarma, udp, ups, webcake, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
