15.06.2013, 18:35 | #1 |
wssetup from perion network ltd always appears after PC startup

Hello everyone,

After Windows 7 starts, the installation prompt from wssetup.exe always appears. As I have read here, I am not the only one. That is why I ran OTL right away. Here is the result:

OTL.txt
OTL logfile created on: 15.06.2013 18:53:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans-Werner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,55% Memory free
5,99 Gb Paging File | 3,65 Gb Available in Paging File | 60,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 281,08 Gb Free Space | 31,57% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,96 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 279,47 Gb Total Space | 82,54 Gb Free Space | 29,53% Space Free | Partition Type: NTFS
Computer Name: HANS-WERNER1 | User Name: Hans-Werner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.15 18:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe PRC - [2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe PRC - [2013.05.31 19:31:51 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe PRC - [2013.05.31 19:31:51 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Programme\WebCake\WebCakeDesktop.Updater.exe PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe PRC - [2013.05.21 16:03:12 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2013.05.21 16:03:12 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe PRC - [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2013.05.16 20:34:58 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.16 20:26:07 | 000,216,968 | ---- | M] (Google Inc.) 
-- C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.08 08:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Hans-Werner\AppData\Roaming\SearchProtect\bin\cltmng.exe PRC - [2013.04.22 13:54:54 | 000,526,144 | ---- | M] (Deutsche Telekom AG) -- C:\Users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe PRC - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Programme\SearchProtect\bin\CltMngSvc.exe PRC - [2013.03.30 12:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 12:10:01 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.30 12:10:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.11 18:22:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.28 17:17:53 | 000,040,960 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2013.01.10 23:10:44 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2013.01.10 23:10:41 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.07.02 11:18:42 | 000,525,776 | ---- | M] (Abelssoft) -- C:\Programme\CheckDrive\CheckDriveBackgroundGuard.exe PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.11 09:14:28 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe PRC - [2009.12.29 19:50:10 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2009.12.24 13:38:22 | 005,575,168 | ---- | M] (Chicony) -- C:\Windows\CNYHKey.exe PRC - [2009.12.23 22:10:36 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\YouCam\YouCamTray.exe PRC - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.12.09 18:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2009.07.01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009.07.01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2008.05.07 15:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe PRC - [2007.01.08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe PRC - [2005.07.29 13:13:52 | 000,638,976 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe MOD - [2013.06.15 12:12:28 | 013,140,872 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- 
C:\Windows\System32\jmdp\stij.exe MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll MOD - [2013.05.21 16:03:12 | 000,158,384 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll MOD - [2013.05.17 10:39:27 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.17 10:39:25 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.17 10:33:48 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f878765b06a1d56b04f4bd23a9c60985\System.Windows.Forms.ni.dll MOD - [2013.05.17 10:33:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 10:33:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 23:41:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.16 23:41:40 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.16 23:41:24 | 011,451,904 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.16 23:41:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.16 23:41:17 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.16 23:41:12 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.02.14 20:48:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll MOD - [2013.01.09 22:03:41 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll MOD - [2013.01.09 22:01:54 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.09 22:01:50 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.09 21:59:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.09 21:55:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 21:55:08 | 001,592,832 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 21:54:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 21:54:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 21:54:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.09 20:37:51 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 20:37:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.09 20:37:23 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.09 20:37:21 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.09 20:37:15 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.07.02 11:18:42 | 000,585,680 | ---- | M] () -- C:\Programme\CheckDrive\AbScheduler.dll MOD - [2012.07.02 11:18:42 | 000,013,776 | ---- | M] () -- C:\Programme\CheckDrive\AbMessages.dll MOD - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE MOD - [2012.04.25 10:31:46 | 002,033,704 | ---- | M] () -- 
C:\Programme\abylonsoft\Backup-Tube\APMPToolsX86.DLL MOD - [2012.04.25 10:30:54 | 000,566,824 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\APMPLangX86.DLL MOD - [2012.04.25 10:29:52 | 002,474,536 | ---- | M] () -- C:\Programme\abylonsoft\Backup-Tube\APMPCmn32X86.DLL MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2006.01.12 21:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.DEU MOD - [2006.01.12 21:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater) SRV - [2013.06.12 19:32:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert) SRV - [2013.05.21 16:03:12 | 001,015,984 | ---- | M] (AVG 
Secure Search) [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0) SRV - [2013.05.21 15:31:12 | 001,167,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService) SRV - [2013.05.16 20:35:00 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Programme\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc) SRV - [2013.03.30 12:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 12:10:00 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.11 18:22:28 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.28 17:17:53 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013.01.10 15:35:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.25 10:31:56 | 000,753,704 | ---- | M] () [Auto | Running] -- C:\Programme\abylonsoft\Backup-Tube\BackupBoxService.EXE -- (BackupBoxService) SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.11 09:14:28 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Programme\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv) SRV - [2009.12.09 18:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- -- (rseb) DRV - [2013.05.21 16:03:12 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013.03.30 12:10:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 12:10:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 12:10:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.11 18:22:32 | 008,913,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013.02.22 19:11:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011.10.14 17:13:26 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2011.10.14 17:13:26 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.04.01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.10.29 11:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf) DRV - [2009.10.29 11:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2005.12.08 14:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Programme\RemoteKeySrv\GENPORT.sys -- (genport) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={0170617E-695E-11E2-B1EF-1C4BD602D165} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20130321181948801&tb_oid=21-03-2013&tb_mrud=21-03-2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 65 AF C3 78 3F CD 01 [binary 
data]
IE - HKCU\..\URLSearchHook: {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D4945385352 43&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=109718&tt=4612_3&babsrc=SP_ss&mntrId=2a522c270000000000001c4bd6428a4c
IE - HKCU\..\SearchScopes\{420C51BF-930C-4854-8EAA-DB2C16E35F30}: "URL" = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes\{8A4CC51F-81AA-4648-99C6-6A439A6A120F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8F24ABFF-F6F8-497E-88EB-FD27EA16C77F}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AF16B6D9-CC75-4EDA-BCD6-756C31CB4ED6}&mid=2bfe9eb9394147d0bb3fcd0290e63896-7109eff3f2cace622cef12674e461e74a6511a66&lang=de&ds=pd011&pr=sa&d=2012-09-25 20:58:37&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C77B8B60-FBE5-492E-A285-2FDDB37ACFF9}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EA46890A-ADCC-474E-A270-5E3799DCD379}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EB1BCBBB-4D79-4F89-A7F2-42382B5E1501}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={0170617E-695E-11E2-B1EF-1C4BD602D165}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20130321181948801&tb_oid=21-03-2013&tb_mrud=21-03-2013
IE - HKCU\..\SearchScopes\{FB6B54B8-EEC8-48B2-8E7D-CD865A8ED891}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=684e6412-eb7f-45cf-8140-61eb00daa96e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.21 16:03:24 | 000,000,000 | ---D | M]
[2012.11.12 22:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_gin2g&mntrId=2A521C4BD6428A4C
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.16.4.512_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.3.0_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolkekjjhnaeaahibbnfebmogackofpf\10.16.4.512_0\
CHR - Extension: No name found = C:\Users\Hans-Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programme\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Programme\DealPly\DealPlyIE.dll (DealPly)
O3 - HKLM\..\Toolbar: (DVDvideoSoft 2.0 Toolbar) - {04a8dd1a-4754-48fe-a703-99846646ef04} - C:\Programme\DVDvideoSoft_2.0\prxtbDVDv.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Programme\Ashampoo_DE\prxtbAsh0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LchDrv] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchProtectAll] C:\Programme\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKLM..\Run: [WUG0902APP] C:\Windows\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Hans-Werner\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - Startup: C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98E9F58F-74EE-4ADA-8E47-59082C39A40D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.08.10 14:32:06 | 000,000,000 | ---D | M] - F:\Autobackup -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.15 18:51:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe
[2013.06.06 21:05:44 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Downloaded Installations
[2013.06.06 21:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.06 21:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.06 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.06 21:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.06 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\BabSolution
[2013.06.06 21:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.06 21:03:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Delta
[2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\WebCake
[2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013.06.06 21:03:44 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\DealPly
[2013.06.06 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Converter
[2013.06.06 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\DSite
[2013.06.06 21:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Image Converter
[2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.06.06 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013.06.04 20:07:47 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Apple Computer
[2013.06.04 20:07:33 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Apple Computer
[2013.06.03 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013.06.03 19:13:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013.06.03 19:13:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013.06.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Audacity
[2013.06.02 17:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2013.06.02 17:31:56 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Xara
[2013.06.02 17:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xara
[2013.06.02 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Documents\MAGIX_Xtreme_Druck_Center
[2013.06.02 17:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2013.06.02 17:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DateiCommander14Basic
[2013.06.02 17:23:39 | 000,069,632 | ---- | C] (TimoSoft) -- C:\Windows\System32\SHEvent322.ocx
[2013.06.02 17:23:37 | 000,373,248 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevDataGrid2.ocx
[2013.06.02 17:23:36 | 000,276,992 | ---- | C] (IntelleSoft) -- C:\Windows\System32\BugTrap.dll
[2013.06.02 17:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\DateiCommander14Basic
[2013.06.02 17:11:58 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Winamp Toolbar
[2013.06.02 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Wondershare
[2013.06.02 17:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013.06.02 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Documents\Wondershare Fantashow
[2013.05.27 21:21:27 | 000,000,000 | R--D | C] -- C:\Users\Hans-Werner\Mediencenter
[2013.05.27 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Medien
[2013.05.27 21:20:09 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\Desktop\Neuer Ordner (3)
[2013.05.27 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Local\Telekom
[2013.05.27 21:15:02 | 000,000,000 | ---D | C] -- C:\Users\Hans-Werner\AppData\Roaming\Telekom
[2013.05.27 19:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.05.16 20:35:52 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.16 20:28:17 | 000,000,000 | ---D | C] -- C:\SearchProtect

========== Files - Modified Within 30 Days ==========

[2013.06.15 19:03:01 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.15 18:51:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans-Werner\Desktop\OTL.exe
[2013.06.15 18:49:19 | 000,000,000 | ---- | M] () -- C:\Users\Hans-Werner\defogger_reenable
[2013.06.15 18:45:00 | 000,050,477 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe
[2013.06.15 18:33:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.15 18:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 17:50:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.15 12:01:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 12:01:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 11:54:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.15 11:54:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013.06.15 11:54:22 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job
[2013.06.15 11:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.06.15 11:52:34 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 11:20:32 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.15 11:20:32 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.15 11:20:32 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.15 11:20:32 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.14 20:04:00 | 000,000,005 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\WBPU-TTL.DAT
[2013.06.12 22:33:47 | 000,069,358 | ---- | M] () -- C:\Users\Hans-Werner\Documents\PSD OnlineBanking - PSD Bank Rhein-Ruhr eG - BLZ 30060992.pdf
[2013.06.06 21:38:03 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.06 21:03:33 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2013.06.02 17:46:11 | 000,000,973 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Audacity.lnk
[2013.06.02 17:31:37 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Xtreme Druck Center.lnk
[2013.06.02 17:23:44 | 000,001,016 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\DateiCommander14Basic.lnk
[2013.06.02 16:57:43 | 003,334,136 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\wssetup.exe
[2013.05.31 21:27:31 | 000,001,876 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05_31.csv
[2013.05.31 21:26:53 | 000,001,576 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05_31R.csv
[2013.05.29 20:02:22 | 000,060,016 | ---- | M] () -- C:\Users\Hans-Werner\Documents\Der neue Rundfunkbeitrag - Antworten.pdf
[2013.05.27 21:15:02 | 000,001,167 | ---- | M] () -- C:\Users\Hans-Werner\Desktop\Mediencenter.lnk
[2013.05.27 21:15:02 | 000,001,159 | ---- | M] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
[2013.05.27 20:40:35 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013.05.27 20:38:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013.05.27 20:11:37 | 000,001,966 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0514.csv
[2013.05.27 20:11:19 | 000,002,616 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0513.csv
[2013.05.27 20:10:57 | 000,001,966 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0511.csv
[2013.05.27 20:10:39 | 000,001,836 | ---- | M] () -- C:\Users\Hans-Werner\Documents\0509.csv
[2013.05.27 19:59:33 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.05.27 19:48:53 | 000,001,584 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05r.csv
[2013.05.27 19:47:34 | 000,000,552 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05rr.csv
[2013.05.23 17:53:11 | 000,000,918 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.21 16:03:12 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.21 15:31:12 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.05.21 15:28:38 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.05.17 10:31:50 | 000,448,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 21:11:26 | 000,001,716 | ---- | M] () -- C:\Users\Hans-Werner\Documents\05.csv
[2013.05.16 20:35:13 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.16 20:27:50 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

========== Files Created - No Company Name ==========

[2013.06.15 18:49:19 | 000,000,000 | ---- | C] () -- C:\Users\Hans-Werner\defogger_reenable
[2013.06.15 18:44:56 | 000,050,477 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Defogger.exe
[2013.06.14 20:04:00 | 000,000,005 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\WBPU-TTL.DAT
[2013.06.12 22:33:47 | 000,069,358 | ---- | C] () -- C:\Users\Hans-Werner\Documents\PSD OnlineBanking - PSD Bank Rhein-Ruhr eG - BLZ 30060992.pdf
[2013.06.08 15:23:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013.06.06 21:03:35 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.06 21:03:33 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Image Converter.lnk
[2013.06.03 19:13:30 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.06.03 19:13:30 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013.06.02 17:46:11 | 000,000,973 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Audacity.lnk
[2013.06.02 17:46:10 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.06.02 17:31:37 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Xtreme Druck Center.lnk
[2013.06.02 17:23:44 | 000,001,016 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\DateiCommander14Basic.lnk
[2013.06.02 17:23:40 | 000,885,760 | ---- | C] () -- C:\Windows\System32\ExTvw.pdb
[2013.06.02 17:23:39 | 001,158,144 | ---- | C] () -- C:\Windows\System32\CBLCtlsU.pdb
[2013.06.02 17:23:39 | 001,104,896 | ---- | C] () -- C:\Windows\System32\CBLCtlsU.ocx
[2013.06.02 17:23:37 | 000,838,656 | ---- | C] () -- C:\Windows\System32\TBarCtlsU.pdb
[2013.06.02 17:23:37 | 000,806,400 | ---- | C] () -- C:\Windows\System32\TBarCtlsU.ocx
[2013.06.02 17:23:37 | 000,568,320 | ---- | C] () -- C:\Windows\System32\DTCtlsU.pdb
[2013.06.02 17:23:37 | 000,505,856 | ---- | C] () -- C:\Windows\System32\DTCtlsU.ocx
[2013.06.02 17:23:37 | 000,445,440 | ---- | C] () -- C:\Windows\System32\ProgBarU.pdb
[2013.06.02 17:23:36 | 001,117,184 | ---- | C] () -- C:\Windows\System32\ShBrowserCtlsU.pdb
[2013.06.02 17:23:36 | 001,061,888 | ---- | C] () -- C:\Windows\System32\ExLVwU.ocx
[2013.06.02 17:23:36 | 001,002,496 | ---- | C] () -- C:\Windows\System32\ExLVwU.pdb
[2013.06.02 17:23:36 | 000,878,080 | ---- | C] () -- C:\Windows\System32\ShBrowserCtlsU.ocx
[2013.06.02 17:23:36 | 000,699,392 | ---- | C] () -- C:\Windows\System32\BtnCtlsU.pdb
[2013.06.02 17:23:36 | 000,645,632 | ---- | C] () -- C:\Windows\System32\BtnCtlsU.ocx
[2013.06.02 17:23:36 | 000,601,088 | ---- | C] () -- C:\Windows\System32\TabStripCtlU.pdb
[2013.06.02 17:23:36 | 000,476,672 | ---- | C] () -- C:\Windows\System32\TabStripCtlU.ocx
[2013.06.02 17:23:36 | 000,317,440 | ---- | C] () -- C:\Windows\System32\ProgBarU.ocx
[2013.06.02 16:57:42 | 003,334,136 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\wssetup.exe
[2013.05.31 21:27:31 | 000,001,876 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05_31.csv
[2013.05.31 21:26:52 | 000,001,576 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05_31R.csv
[2013.05.31 19:11:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.05.29 20:02:21 | 000,060,016 | ---- | C] () -- C:\Users\Hans-Werner\Documents\Der neue Rundfunkbeitrag - Antworten.pdf
[2013.05.27 21:15:02 | 000,001,167 | ---- | C] () -- C:\Users\Hans-Werner\Desktop\Mediencenter.lnk
[2013.05.27 21:15:02 | 000,001,159 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
[2013.05.27 21:15:02 | 000,001,153 | ---- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk
[2013.05.27 20:11:37 | 000,001,966 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0514.csv
[2013.05.27 20:11:19 | 000,002,616 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0513.csv
[2013.05.27 20:10:56 | 000,001,966 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0511.csv
[2013.05.27 20:10:39 | 000,001,836 | ---- | C] () -- C:\Users\Hans-Werner\Documents\0509.csv
[2013.05.27 19:59:33 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.05.27 19:47:34 | 000,000,552 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05rr.csv
[2013.05.16 21:11:26 | 000,001,716 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05.csv
[2013.05.16 21:10:29 | 000,001,584 | ---- | C] () -- C:\Users\Hans-Werner\Documents\05r.csv
[2013.01.07 20:54:44 | 000,000,231 | ---- | C] () -- C:\Windows\LSBackupBox.ini
[2013.01.01 13:21:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2013.01.01 13:20:26 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.12.17 00:07:24 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2012.11.04 20:14:22 | 000,164,352 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[2012.11.04 20:14:22 | 000,075,264 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2012.10.25 21:50:50 | 002,300,672 | ---- | C] () -- C:\Windows\System32\libintl-8.dll
[2012.10.25 21:50:50 | 000,289,739 | ---- | C] () -- C:\Windows\System32\libmp3splt-0.dll
[2012.10.25 21:50:50 | 000,261,438 | ---- | C] () -- C:\Windows\System32\libsplt_mp3-0.dll
[2012.10.25 21:50:50 | 000,197,337 | ---- | C] () -- C:\Windows\System32\libmad-0.dll
[2012.10.25 21:50:50 | 000,174,716 | ---- | C] () -- C:\Windows\System32\libid3tag.dll
[2012.10.25 21:50:50 | 000,116,736 | ---- | C] () -- C:\Windows\System32\mp3splt.exe
[2012.10.25 21:50:50 | 000,061,211 | ---- | C] () -- C:\Windows\System32\libltdl-7.dll
[2012.10.25 21:50:50 | 000,045,245 | ---- | C] () -- C:\Windows\System32\mp3wrap.exe
[2012.08.07 21:48:34 | 000,000,918 | ---- | C] () -- C:\Windows\wiso.ini
[2012.06.06 22:06:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Install2500USB.dll
[2012.06.06 22:06:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DEDriverDLL.dll
[2012.06.06 22:06:58 | 000,036,864 | ---- | C] () -- C:\Windows\System32\WRLSetup.exe
[2012.06.06 20:39:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\SingleFiles
[2012.06.06 20:39:00 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Screen Saver
[2012.06.06 20:39:00 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StatusSheet
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Services
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Scripts Menu
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Sci-Fi
[2012.06.06 20:38:59 | 000,000,268 | RH-- | C] () -- C:\Users\Hans-Werner\AppData\Roaming\Sampler Instruments
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.06.06 20:38:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.06.06 20:38:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\StartupItems
[2012.06.06 20:38:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Standard
[2012.06.05 21:55:32 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.06.05 21:55:32 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.06.05 21:55:32 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.06.05 21:55:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.06.05 21:55:32 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.06.05 21:55:32 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.06.05 21:55:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.06.05 21:55:32 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.06.05 21:55:32 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.06.05 21:55:32 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.06.05 21:55:32 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.05 21:55:32 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.06.05 21:55:31 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.06.05 21:55:31 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.06.05 21:55:31 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.06.05 21:55:31 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.06.05 21:55:31 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.06.05 21:55:31 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.06.05 21:55:31 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.06.05 21:55:09 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw8b.bin
[2012.06.05 21:54:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2012.06.05 21:24:36 | 000,000,140 | ---- | C] () -- C:\Windows\ML24DXn.INI
[2012.06.03 15:55:14 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2012.06.03 14:07:35 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.06.03 13:49:35 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2012.06.03 13:49:34 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2012.06.03 13:41:50 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012.06.01 21:56:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.06.06 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Audacity
[2013.06.06 21:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\BabSolution
[2012.11.12 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Babylon
[2012.08.07 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Buhl Data Service
[2012.11.12 22:19:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Claro
[2013.01.28 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Claro LTD
[2013.06.02 17:23:42 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Dateicommander
[2013.06.06 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DealPly
[2013.06.06 21:03:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Delta
[2013.01.28 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DesktopIconForAmazon
[2013.06.06 21:03:34 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DSite
[2013.04.12 18:50:36 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\DVDVideoSoft
[2012.06.05 22:15:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Epson
[2012.06.06 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Leadertech
[2013.06.02 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\MAGIX
[2012.06.30 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Nikon
[2013.02.18 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Notepad++
[2013.01.28 17:17:53 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\OCS
[2013.03.21 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\OpenCandy
[2012.06.01 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Opera
[2013.01.07 21:53:51 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\pdfforge
[2012.06.26 19:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\PowerCinema
[2013.04.12 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\SearchProtect
[2012.07.20 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\SmartTools
[2013.05.27 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\Telekom
[2013.03.21 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\TuneUp Software
[2013.06.06 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Hans-Werner\AppData\Roaming\WebCake

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 15.06.2013 18:53:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans-Werner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,55% Memory free
5,99 Gb Paging File | 3,65 Gb Available in Paging File | 60,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 281,08 Gb Free Space | 31,57% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 26,96 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 279,47 Gb Total Space | 82,54 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

Computer Name: HANS-WERNER1 | User Name: Hans-Werner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DateiCommander] -- C:\Program Files\DateiCommander14Basic\DateiCommander.exe %1 (Ch.Lütgens & Co)
Directory [Datei-Commander] -- C:\Program Files\DateiCommander\DateiCommander.exe %1 (OEM)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029CA508-2F3E-4A56-8D48-6BE0F3B0238D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{118D4EFE-2AE3-43EF-8C4E-30F2DFB3C529}" = rport=138 | protocol=17 | dir=out | app=system |
"{2235D3B3-AF47-4F5E-976D-813916C96EA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{2767B32D-DC07-4A8C-B05E-4668633DD97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38F59FC4-ACB1-464F-964E-252E082DAC36}" = lport=139 | protocol=6 | dir=in | app=system |
"{4878F92A-FE10-4C41-B2DF-C02327F01D03}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FE97C18-F3CC-483D-9E4B-434265840FC4}" = rport=137 | protocol=17 | dir=out | app=system |
"{565ED97B-EEA8-4FED-8415-860C240737D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{59CF73E3-216D-4636-84EE-58E9AA4AD4C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A13856C-31A0-48E3-9020-36176FEE5B4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BEB3BE9-113C-4EA1-8FBE-C03048092011}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{723942B3-8038-46AE-A5F7-C547FA7A8D7A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7D0442B6-84CD-4A5A-8D0F-94381EAE1CE5}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EC50FA0-ACFB-4909-9900-14705D650D6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2565333-0D27-4787-9D66-DC0A67737B17}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A579A4C2-E31B-417B-88D8-BFCDBEEBFF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8B9ABBB-0813-429C-99A5-6141359903B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DF738E1E-CEFE-4C83-B58D-837AA807DF23}" = rport=445 | protocol=6 | dir=out | app=system |
"{E78EB66C-888E-44AE-A32D-2A4391CB7854}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA3C5517-BE1E-49ED-B6B6-F41AA38FFF81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC7EAAE7-F1A6-42FE-97BB-FB389BE27391}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F41DB5BB-53F2-439D-937D-1245B416AB43}" = lport=138 | protocol=17 | dir=in | app=system |
"{F817B8B5-2D40-4B0C-91AA-01FC685AA9D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0112E3B0-64C4-44C1-9485-DDE79162CA1A}" = protocol=6 | dir=out | app=system |
"{02BEE5BF-C6F0-47E5-8DB8-5126717F2D99}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{05B24A14-91A3-4CCE-939A-D96E2C5F68FB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0ADD24C7-BAE0-4AF3-A85E-B85E1E301FA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B473FBF-5F18-460E-9558-6039F220AE16}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{0D97F2A6-7B4A-489F-B158-AD93DB490E75}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{139588BD-FDA8-4B2C-82E1-5790ADBD5693}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{15826304-3B66-4F8B-AEBB-804E6D4DC6C9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{183E4F2E-E073-4B91-9841-CE85D0C56872}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{194ADA60-B839-4A08-9C98-6619D6FA5249}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BBAAEC1-4AD9-4433-9F30-E460E8D96E2B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2603F59D-5042-4263-ADDE-CECBF2A168F3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{2AFCED50-8BBB-4EA0-8C6A-1E6E2D381B00}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E714308-04FE-4F85-BBC8-5E3FA50142B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31CF9198-0D6E-4A41-BA7E-5F7DC9BA008D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{33F21EE9-9397-4BF7-8ED7-8D9AA29F807C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3954D30F-3829-48BB-AFB9-B08317773E57}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3AB47269-5F93-48B3-8389-36E5A69E5915}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe |
"{3C76AF0D-AB5A-40AA-A575-FC38610DE345}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3C95AF57-E37A-46C1-B19E-920C9004F9B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{43C121FE-A0C2-4F2F-8824-8B206848F516}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{458640F3-1252-42BB-AA77-857E8FDBB9F2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46AFE903-A08D-4199-96D0-5E8E1A134CFE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4EB5A88B-0411-4988-B1BF-7CD7A7369354}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55E2D9AF-F518-4655-AE60-565725117323}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{59B25DDC-C9BB-4C96-AFBF-2A615F9FA140}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5A8A9013-C977-412D-84F1-D0F99D1E5B47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{766F5EBC-6A64-4E73-9CFE-B354419299F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B38CE4E-E81B-44D6-B604-A8908CA26DFF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7DCB3EA8-E4E9-4FB1-9C1E-7A978A58C2A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82009E66-4712-4588-ACE3-7486ED238B19}" = protocol=17 | dir=in | app=c:\program files\gps master 2.0.12\gps master.exe |
"{864CB878-E7F8-4B8D-ACA8-1A04EF3FA76B}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{8C0DBADE-92F7-4ED1-B3A3-E8A9BD682287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8C5B0037-3F0E-4FDC-AE8E-79EA03AF7AC5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{96B7B3F5-32A8-4145-B5AB-487AEC5DCA5A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{972770F2-ED1D-4B00-94FC-0441932826AD}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{A110050B-5142-467B-9916-04431292D33B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A4983BB0-611E-42D3-94F3-91A4E55B9ADE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7273398-F6AD-441C-83AC-F5FAE1AE8C77}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A753E030-B927-4B13-86F7-AC2616ADADD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE81B819-DBE8-471F-9A96-819E26A7979D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B332CADC-0F88-4E00-9DB9-E277394EDB3C}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{B5E6408E-0BFB-4FF1-820D-93C88961CFD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8FC2463-84E0-4311-9EE5-F5718F02E5E7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{BB16EE88-4897-4D6A-B57E-13FBDE8BEE2A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C10791D6-4EB6-4BD6-8749-73E862FF82CD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{C20C80B2-3475-4FD9-BEA4-3ECC16512FBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD4FCF58-D703-4488-9546-667613C457E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D00F8366-DFE2-4D08-B80E-37109D14F46D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D4F7CD96-D7E7-4319-A448-F149F332EC2A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D7B11101-BB36-4F79-B355-27B2860340A0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{DA45B661-C7C2-431F-B539-B23FFCC4AA6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDEFA0D8-18A0-49D4-B26C-6EF27D2E0F17}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EC6DB7EE-5BDB-49C9-BA8B-9481F6258D6E}" = protocol=6 | dir=in | app=c:\program files\gps master 2.0.12\gps master.exe |
"{ECA946FB-D630-4746-8FA3-B9D27F6AF89F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F43C50CB-2CEA-4057-AA0C-DE76F368982B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F46F2DBF-9334-487D-94F6-13E3E2CDB0A3}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F9447430-99BB-4803-8A2A-046BD1B8549D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F94D7A37-698E-4A1D-9FC1-18F7C7F00B2E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{4B3F68B6-B6C1-491D-A933-BC9BD8769827}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{F429CB6E-6785-4850-A530-26CF443F746D}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{FD65EABF-0E83-4418-B944-C577E1E2FDA9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{CF89EA27-0262-47FD-B67D-5B5F2EB4E21D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{E1AFA81E-EA6E-48DE-B86A-8FDB81A8FF0C}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{E5E4D303-FBCF-4D9C-B8F1-898C2CF53E00}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{16844FEF-BCAF-4FCC-BFE9-8C52069E82CF}" = USB 2.4G Wireless Keyboard Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{389BE10D-555B-495B-A83E-E3D94B66D26A}" = CDRWIN 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}" = RemoteKeySrv
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{714F1BA5-F95E-4821-AA70-D30BBE04A5FF}" = NextWindow Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91B33C97-7650-0EB0-B6C7-DDBA2932B7B4}_is1" = Ashampoo Music Studio 4 v.4.0.5
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.00
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"abylonprotectionmanager-backup-tube_is1" = abylon BACKUP-TUBE 2012.PRV
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Music Studio 2012_is1" = Ashampoo Music Studio 2012 v.1.0.0
"Ashampoo Photo Optimizer 4_is1" = Ashampoo Photo Optimizer 4 v.4.0.3
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"Audacity_is1" = Audacity 2.0.3
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro toolbar
"DateiCommander 14 Basic_is1" = DateiCommander14Basic
"DateiCommander 9 Personal_is1" = DateiCommander
"DealPly" = DealPly (remove only)
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DesktopIconAmazon" = Desktop Icon für Amazon
"dm-Fotowelt" = dm-Fotowelt
"DVDvideoSoft_2.0 Toolbar" = DVDvideoSoft 2.0 Toolbar
"EPSON PERFECTION V30_V300 PHOTO Benutzerhandbuch" = EPSON PERFECTION V30_V300 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.23.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"GPS Master_is1" = GPS Master 2.0.12
"Image Converter Image Converter" = Image Converter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Xtreme Druck Center D" = MAGIX Xtreme Druck Center 5.0.0.7399 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.22.0 (D)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mp3Boy_is1" = mp3Boy 1.8.0
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.12.1707" = Opera 12.12
"Orb" = Winamp Remote
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"SearchAnonymizer" = SearchAnonymizer
"SearchProtect" = Search Protect by conduit
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartToolsBerichte-Verteilerv3.00" = SmartTools Publishing • Access Berichte-Verteiler
"SmartToolsBeschreibungs-Managerv1.50" = SmartTools Publishing • Access Beschreibungs-Manager
"SmartToolsEM 2012-Planerv1.50" = SmartTools Publishing • Outlook EM 2012-Planer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"sp6" = Logitech SetPoint 6.32
"ST6UNST #1" = Mp3-Manager personal
"ST6UNST #2" = Mp3-Manager personal (C:\Program Files\Mp3-Manager personal\)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinZip" = WinZip
"WNLT" = IB Updater Service
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
"DSite" = Update for Image Editor
"Mediencenter" = Mediencenter 3.7.0.2204
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.06.2013 01:41:50 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171_Vista\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:36 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NextWindow\NW1950v2171\dpinst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:46 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\AdminCallx64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12.06.2013 01:42:47 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\BackupBoxServiceX64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 12.06.2013 01:42:47 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\abylonsoft\backup-tube\BackupBoxX64.EXE". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2013 01:43:43 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\gps master 2.0.12\USB\DPINST_AMD64.EXE". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2013 01:46:04 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\access berichte-verteiler\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files\smarttools\access berichte-verteiler\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. Error - 12.06.2013 01:46:06 | Computer Name = Hans-Werner1 | Source = SideBySide | ID = 16842761 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\outlook em 2012-planer\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\program files\smarttools\outlook em 2012-planer\adxloader.dll.Manifest" in Zeile 2. Das Stammelement der Manifestdatei muss assembliert sein. 
Error - 14.06.2013 15:44:38 | Computer Name = Hans-Werner1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.5, Zeitstempel: 0x4fc4c5d3 Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x11bc Startzeit der fehlerhaften Anwendung: 0x01ce6925a0928a68 Pfad der fehlerhaften Anwendung: C:\Program Files\SweetIM\Messenger\SweetIM.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.DLL Berichtskennung: d8885964-d52a-11e2-be49-1c4bd602d165 Error - 15.06.2013 11:50:32 | Computer Name = Hans-Werner1 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: SweetIM.exe, Version: 3.7.0.5, Zeitstempel: 0x4fc4c5d3 Name des fehlerhaften Moduls: ole32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x6b0 Startzeit der fehlerhaften Anwendung: 0x01ce69ae54226950 Pfad der fehlerhaften Anwendung: C:\Program Files\SweetIM\Messenger\SweetIM.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.DLL Berichtskennung: 4eba1253-d5d3-11e2-bdc1-1c4bd602d165 [ System Events ] Error - 13.12.2012 11:43:46 | Computer Name = Hans-Werner1 | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 13.12.2012 13:50:05 | Computer Name = Hans-Werner1 | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. 
Error - 14.12.2012 03:53:46 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 14.12.2012 04:28:41 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 15.12.2012 06:26:40 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 15.12.2012 08:10:04 | Computer Name = Hans-Werner1 | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error - 16.12.2012 07:35:54 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 16.12.2012 14:56:08 | Computer Name = Hans-Werner1 | Source = DCOM | ID = 10010 Description = Error - 17.12.2012 03:48:18 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb Error - 17.12.2012 08:33:37 | Computer Name = Hans-Werner1 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: rseb < End of report >
I hope I did this correctly and that someone can help me. Kind regards, Hans-Werner |
15.06.2013, 18:38 | #2 |
/// Malware-holic | wssetup from perion network ltd always appears after starting the PC
Hi,
Please download TDSSKiller.exe and save this file to the desktop |
15.06.2013, 18:57 | #3 |
| wssetup from perion network ltd always appears after starting the PC
Hello Markusg,
nice that you want to help me. Here is the content of the file:
19:50:39.0572 8036 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:50:40.0116 8036 ============================================================ 19:50:40.0116 8036 Current date / time: 2013/06/15 19:50:40.0116 19:50:40.0116 8036 SystemInfo: 19:50:40.0116 8036 19:50:40.0116 8036 OS Version: 6.1.7601 ServicePack: 1.0 19:50:40.0116 8036 Product type: Workstation 19:50:40.0116 8036 ComputerName: HANS-WERNER1 19:50:40.0116 8036 UserName: Hans-Werner 19:50:40.0116 8036 Windows directory: C:\Windows 19:50:40.0116 8036 System windows directory: C:\Windows 19:50:40.0116 8036 Processor architecture: Intel x86 19:50:40.0116 8036 Number of processors: 2 19:50:40.0116 8036 Page size: 0x1000 19:50:40.0116 8036 Boot type: Normal boot 19:50:40.0116 8036 ============================================================ 19:50:40.0855 8036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:50:40.0860 8036 Drive \Device\Harddisk2\DR2 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:50:40.0880 8036 ============================================================ 19:50:40.0880 8036 \Device\Harddisk0\DR0: 19:50:40.0881 8036 MBR partitions: 19:50:40.0881 8036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:50:40.0881 8036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000 19:50:40.0881 8036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000 19:50:40.0881 8036 \Device\Harddisk2\DR2: 19:50:40.0882 8036 MBR partitions: 19:50:40.0882 8036 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EF2A84 19:50:40.0882 8036 
============================================================ 19:50:40.0907 8036 C: <-> \Device\Harddisk0\DR0\Partition2 19:50:40.0957 8036 D: <-> \Device\Harddisk0\DR0\Partition3 19:50:40.0977 8036 F: <-> \Device\Harddisk2\DR2\Partition1 19:50:40.0977 8036 ============================================================ 19:50:40.0977 8036 Initialize success 19:50:40.0977 8036 ============================================================ 19:51:30.0295 3368 ============================================================ 19:51:30.0295 3368 Scan started 19:51:30.0295 3368 Mode: Manual; SigCheck; TDLFS; 19:51:30.0295 3368 ============================================================ 19:51:30.0619 3368 ================ Scan system memory ======================== 19:51:30.0619 3368 System memory - ok 19:51:30.0619 3368 ================ Scan services ============================= 19:51:30.0881 3368 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:51:31.0351 3368 1394ohci - ok 19:51:31.0505 3368 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 19:51:31.0535 3368 ACDaemon - ok 19:51:31.0606 3368 [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10 C:\Windows\system32\drivers\acedrv10.sys 19:51:31.0628 3368 acedrv10 - ok 19:51:31.0648 3368 [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10 C:\Windows\system32\drivers\acehlp10.sys 19:51:31.0667 3368 acehlp10 - ok 19:51:31.0688 3368 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:51:31.0710 3368 ACPI - ok 19:51:31.0755 3368 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:51:31.0842 3368 AcpiPmi - ok 19:51:31.0876 3368 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 19:51:31.0934 3368 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 19:51:31.0934 3368 Adobe LM Service - detected 
UnsignedFile.Multi.Generic (1) 19:51:32.0047 3368 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:51:32.0068 3368 AdobeARMservice - ok 19:51:32.0150 3368 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:51:32.0186 3368 AdobeFlashPlayerUpdateSvc - ok 19:51:32.0257 3368 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:51:32.0283 3368 adp94xx - ok 19:51:32.0340 3368 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:51:32.0362 3368 adpahci - ok 19:51:32.0374 3368 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:51:32.0395 3368 adpu320 - ok 19:51:32.0438 3368 [ 8D155386B3B032EA7513E19F8C8F80A7 ] AegisP C:\Windows\system32\DRIVERS\AegisP.sys 19:51:32.0680 3368 AegisP ( UnsignedFile.Multi.Generic ) - warning 19:51:32.0680 3368 AegisP - detected UnsignedFile.Multi.Generic (1) 19:51:32.0743 3368 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:51:32.0842 3368 AeLookupSvc - ok 19:51:32.0877 3368 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys 19:51:32.0897 3368 Afc - ok 19:51:32.0976 3368 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 19:51:33.0044 3368 AFD - ok 19:51:33.0059 3368 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 19:51:33.0078 3368 agp440 - ok 19:51:33.0111 3368 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 19:51:33.0129 3368 aic78xx - ok 19:51:33.0151 3368 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 19:51:33.0172 3368 ALG - ok 19:51:33.0206 3368 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 19:51:33.0225 3368 aliide - ok 19:51:33.0244 3368 [ 3C6600A0696E90A463771C7422E23AB5 ] 
amdagp C:\Windows\system32\drivers\amdagp.sys 19:51:33.0264 3368 amdagp - ok 19:51:33.0301 3368 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 19:51:33.0320 3368 amdide - ok 19:51:33.0348 3368 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:51:33.0401 3368 AmdK8 - ok 19:51:33.0423 3368 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:51:33.0499 3368 AmdPPM - ok 19:51:33.0519 3368 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:51:33.0545 3368 amdsata - ok 19:51:33.0557 3368 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:51:33.0579 3368 amdsbs - ok 19:51:33.0588 3368 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:51:33.0608 3368 amdxata - ok 19:51:33.0715 3368 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 19:51:33.0732 3368 AntiVirSchedulerService - ok 19:51:33.0794 3368 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 19:51:33.0810 3368 AntiVirService - ok 19:51:33.0871 3368 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 19:51:33.0895 3368 AntiVirWebService - ok 19:51:33.0944 3368 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 19:51:34.0057 3368 AppID - ok 19:51:34.0095 3368 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:51:34.0272 3368 AppIDSvc - ok 19:51:34.0311 3368 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 19:51:34.0473 3368 Appinfo - ok 19:51:34.0495 3368 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 19:51:34.0514 3368 arc - ok 19:51:34.0530 3368 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 
19:51:34.0550 3368 arcsas - ok 19:51:34.0556 3368 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:51:34.0646 3368 AsyncMac - ok 19:51:34.0664 3368 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:51:34.0682 3368 atapi - ok 19:51:34.0733 3368 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:51:34.0799 3368 AudioEndpointBuilder - ok 19:51:34.0811 3368 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:51:34.0857 3368 Audiosrv - ok 19:51:34.0897 3368 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:51:34.0933 3368 avgntflt - ok 19:51:35.0011 3368 [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys 19:51:35.0029 3368 avgtp - ok 19:51:35.0069 3368 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:51:35.0088 3368 avipbb - ok 19:51:35.0137 3368 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 19:51:35.0154 3368 avkmgr - ok 19:51:35.0193 3368 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:51:35.0243 3368 AxInstSV - ok 19:51:35.0273 3368 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 19:51:35.0315 3368 b06bdrv - ok 19:51:35.0343 3368 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:51:35.0382 3368 b57nd60x - ok 19:51:35.0473 3368 [ 6771D6F3A244379EEEEF55E8A6050CBD ] BackupBoxService C:\Program Files\abylonsoft\Backup-Tube\BackupBoxService.EXE 19:51:35.0503 3368 BackupBoxService - ok 19:51:35.0566 3368 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:51:35.0600 3368 BDESVC - ok 19:51:35.0630 3368 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:51:35.0736 3368 Beep - ok 19:51:35.0836 3368 [ 
1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:51:36.0005 3368 BFE - ok 19:51:36.0064 3368 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:51:36.0123 3368 BITS - ok 19:51:36.0143 3368 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:51:36.0180 3368 blbdrive - ok 19:51:36.0221 3368 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:51:36.0347 3368 bowser - ok 19:51:36.0366 3368 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:51:36.0475 3368 BrFiltLo - ok 19:51:36.0501 3368 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:51:36.0532 3368 BrFiltUp - ok 19:51:36.0565 3368 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:51:36.0615 3368 Browser - ok 19:51:36.0774 3368 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe 19:51:36.0876 3368 BrowserDefendert - ok 19:51:36.0897 3368 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:51:36.0935 3368 Brserid - ok 19:51:36.0950 3368 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:51:36.0990 3368 BrSerWdm - ok 19:51:37.0003 3368 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:51:37.0069 3368 BrUsbMdm - ok 19:51:37.0089 3368 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:51:37.0215 3368 BrUsbSer - ok 19:51:37.0277 3368 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 19:51:37.0441 3368 BthEnum - ok 19:51:37.0447 3368 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:51:37.0538 3368 BTHMODEM - ok 19:51:37.0579 3368 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan 
C:\Windows\system32\DRIVERS\bthpan.sys 19:51:37.0636 3368 BthPan - ok 19:51:37.0695 3368 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 19:51:37.0791 3368 BTHPORT - ok 19:51:37.0876 3368 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:51:37.0934 3368 bthserv - ok 19:51:37.0970 3368 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 19:51:37.0998 3368 BTHUSB - ok 19:51:38.0050 3368 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys 19:51:38.0068 3368 btusbflt - ok 19:51:38.0105 3368 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:51:38.0122 3368 btwaudio - ok 19:51:38.0185 3368 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 19:51:38.0210 3368 btwavdt - ok 19:51:38.0294 3368 [ F7434401AE320BB97903A3C1865242FB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 19:51:38.0318 3368 btwdins - ok 19:51:38.0339 3368 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 19:51:38.0352 3368 btwl2cap - ok 19:51:38.0386 3368 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 19:51:38.0401 3368 btwrchid - ok 19:51:38.0427 3368 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:51:38.0546 3368 cdfs - ok 19:51:38.0594 3368 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:51:38.0680 3368 cdrom - ok 19:51:38.0736 3368 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:51:38.0815 3368 CertPropSvc - ok 19:51:38.0828 3368 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:51:38.0858 3368 circlass - ok 19:51:38.0880 3368 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:51:38.0903 3368 CLFS - ok 19:51:38.0985 3368 [ 
D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:51:39.0004 3368 clr_optimization_v2.0.50727_32 - ok 19:51:39.0109 3368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:51:39.0130 3368 clr_optimization_v4.0.30319_32 - ok 19:51:39.0202 3368 [ 934F4153380EDB6809EB9231C6B5F2A9 ] CltMngSvc C:\Program Files\SearchProtect\bin\CltMngSvc.exe 19:51:39.0226 3368 CltMngSvc - ok 19:51:39.0233 3368 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:51:39.0258 3368 CmBatt - ok 19:51:39.0277 3368 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:51:39.0295 3368 cmdide - ok 19:51:39.0330 3368 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 19:51:39.0382 3368 CNG - ok 19:51:39.0404 3368 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:51:39.0461 3368 Compbatt - ok 19:51:39.0508 3368 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:51:39.0575 3368 CompositeBus - ok 19:51:39.0583 3368 COMSysApp - ok 19:51:39.0612 3368 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:51:39.0631 3368 crcdisk - ok 19:51:39.0690 3368 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:51:39.0736 3368 CryptSvc - ok 19:51:39.0788 3368 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:51:39.0865 3368 DcomLaunch - ok 19:51:39.0908 3368 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:51:39.0973 3368 defragsvc - ok 19:51:40.0009 3368 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:51:40.0077 3368 DfsC - ok 19:51:40.0121 3368 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 
19:51:40.0230 3368 Dhcp - ok 19:51:40.0237 3368 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:51:40.0274 3368 discache - ok 19:51:40.0311 3368 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:51:40.0329 3368 Disk - ok 19:51:40.0412 3368 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:51:40.0476 3368 Dnscache - ok 19:51:40.0525 3368 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 19:51:40.0723 3368 dot3svc - ok 19:51:40.0767 3368 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:51:40.0894 3368 DPS - ok 19:51:40.0952 3368 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:51:41.0061 3368 drmkaud - ok 19:51:41.0122 3368 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:51:41.0152 3368 DXGKrnl - ok 19:51:41.0188 3368 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:51:41.0243 3368 EapHost - ok 19:51:41.0328 3368 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:51:41.0388 3368 ebdrv - ok 19:51:41.0432 3368 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 19:51:41.0544 3368 EFS - ok 19:51:41.0592 3368 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:51:41.0633 3368 ehRecvr - ok 19:51:41.0661 3368 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:51:41.0690 3368 ehSched - ok 19:51:41.0713 3368 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:51:41.0739 3368 elxstor - ok 19:51:41.0779 3368 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:51:41.0822 3368 ErrDev - ok 19:51:41.0860 3368 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 19:51:41.0915 3368 EventSystem - ok 19:51:41.0931 3368 [ 
2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 19:51:41.0980 3368 exfat - ok 19:51:41.0992 3368 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:51:42.0026 3368 fastfat - ok 19:51:42.0100 3368 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 19:51:42.0208 3368 Fax - ok 19:51:42.0226 3368 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:51:42.0297 3368 fdc - ok 19:51:42.0337 3368 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 19:51:42.0418 3368 fdPHost - ok 19:51:42.0444 3368 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 19:51:42.0668 3368 FDResPub - ok 19:51:42.0691 3368 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:51:42.0710 3368 FileInfo - ok 19:51:42.0722 3368 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:51:42.0780 3368 Filetrace - ok 19:51:42.0919 3368 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe 19:51:42.0993 3368 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 19:51:42.0993 3368 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 19:51:43.0018 3368 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:51:43.0085 3368 flpydisk - ok 19:51:43.0122 3368 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:51:43.0144 3368 FltMgr - ok 19:51:43.0202 3368 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 19:51:43.0259 3368 FontCache - ok 19:51:43.0331 3368 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:51:43.0359 3368 FontCache3.0.0.0 - ok 19:51:43.0381 3368 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends 
C:\Windows\system32\drivers\FsDepends.sys 19:51:43.0399 3368 FsDepends - ok 19:51:43.0445 3368 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:51:43.0464 3368 Fs_Rec - ok 19:51:43.0525 3368 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:51:43.0556 3368 fvevol - ok 19:51:43.0609 3368 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:51:43.0628 3368 gagp30kx - ok 19:51:43.0677 3368 [ C1049F3D658F33D0D64CC48B0DCCCF08 ] genport C:\Program Files\RemoteKeySrv\GenPort.sys 19:51:43.0915 3368 genport ( UnsignedFile.Multi.Generic ) - warning 19:51:43.0915 3368 genport - detected UnsignedFile.Multi.Generic (1) 19:51:43.0966 3368 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 19:51:44.0040 3368 gpsvc - ok 19:51:44.0117 3368 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 19:51:44.0145 3368 gupdate - ok 19:51:44.0173 3368 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 19:51:44.0190 3368 gupdatem - ok 19:51:44.0198 3368 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:51:44.0286 3368 hcw85cir - ok 19:51:44.0352 3368 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:51:44.0392 3368 HdAudAddService - ok 19:51:44.0444 3368 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:51:44.0486 3368 HDAudBus - ok 19:51:44.0499 3368 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:51:44.0526 3368 HidBatt - ok 19:51:44.0557 3368 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:51:44.0617 3368 HidBth - ok 19:51:44.0625 3368 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:51:44.0645 3368 HidIr - ok 19:51:44.0729 3368 [ 
1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys 19:51:44.0754 3368 hidkmdf - ok 19:51:44.0820 3368 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 19:51:44.0872 3368 hidserv - ok 19:51:44.0907 3368 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:51:44.0966 3368 HidUsb - ok 19:51:45.0007 3368 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:51:45.0215 3368 hkmsvc - ok 19:51:45.0255 3368 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:51:45.0300 3368 HomeGroupListener - ok 19:51:45.0350 3368 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:51:45.0479 3368 HomeGroupProvider - ok 19:51:45.0511 3368 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:51:45.0531 3368 HpSAMD - ok 19:51:45.0572 3368 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:51:45.0611 3368 HTTP - ok 19:51:45.0654 3368 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:51:45.0674 3368 hwpolicy - ok 19:51:45.0723 3368 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:51:45.0755 3368 i8042prt - ok 19:51:45.0804 3368 [ 5A6C5876FB84418D08D67B8CAED5EFCF ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:51:45.0829 3368 iaStor - ok 19:51:45.0898 3368 [ DE9560E9703BFE1BD08014A406BE0033 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 19:51:45.0917 3368 IAStorDataMgrSvc - ok 19:51:45.0975 3368 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:51:46.0000 3368 iaStorV - ok 19:51:46.0082 3368 [ 0EC38F6D0DB84900B00FA8AA0E822948 ] IBUpdaterService C:\Windows\system32\dmwu.exe 19:51:46.0121 3368 IBUpdaterService - ok 19:51:46.0217 3368 [ 1CF03C69B49ACB70C722DF92755C0C8C ] 
- ok 19:52:11.0996 3368 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:52:12.0187 3368 WwanSvc - ok 19:52:12.0257 3368 [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 19:52:12.0287 3368 X10Hid - ok 19:52:12.0372 3368 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 19:52:12.0396 3368 x10nets ( UnsignedFile.Multi.Generic ) - warning 19:52:12.0396 3368 x10nets - detected UnsignedFile.Multi.Generic (1) 19:52:12.0417 3368 [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 19:52:12.0437 3368 XUIF - ok 19:52:12.0452 3368 ================ Scan global =============================== 19:52:12.0501 3368 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:52:12.0550 3368 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:52:12.0561 3368 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 19:52:12.0576 3368 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:52:12.0593 3368 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:52:12.0599 3368 [Global] - ok 19:52:12.0600 3368 ================ Scan MBR ================================== 19:52:12.0610 3368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:52:12.0984 3368 \Device\Harddisk0\DR0 - ok 19:52:12.0994 3368 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk2\DR2 19:52:13.0496 3368 \Device\Harddisk2\DR2 - ok 19:52:13.0496 3368 ================ Scan VBR ================================== 19:52:13.0501 3368 [ 73E9C56AF786BDE5F13FB5E8082DA42F ] \Device\Harddisk0\DR0\Partition1 19:52:13.0502 3368 \Device\Harddisk0\DR0\Partition1 - ok 19:52:13.0526 3368 [ 7F2CD5D1042BF803298035BDC681C496 ] \Device\Harddisk0\DR0\Partition2 19:52:13.0528 3368 \Device\Harddisk0\DR0\Partition2 - ok 19:52:13.0556 3368 [ 47F4C99EB5F18EC36BEBE2501645E7A3 ] \Device\Harddisk0\DR0\Partition3 19:52:13.0558 3368 
\Device\Harddisk0\DR0\Partition3 - ok
19:52:13.0583 3368 [ A651866D76043B7D8E26F7893FEB5334 ] \Device\Harddisk2\DR2\Partition1
19:52:13.0586 3368 \Device\Harddisk2\DR2\Partition1 - ok
19:52:13.0586 3368 ============================================================
19:52:13.0586 3368 Scan finished
19:52:13.0586 3368 ============================================================
19:52:13.0609 6828 Detected object count: 10
19:52:13.0609 6828 Actual detected object count: 10
19:54:30.0114 6828 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0114 6828 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0117 6828 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0117 6828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0118 6828 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0118 6828 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0121 6828 genport ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0121 6828 genport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0127 6828 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0127 6828 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0128 6828 RemoteKeySrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0129 6828 RemoteKeySrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0130 6828 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0130 6828 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0133 6828 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0134 6828 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0136 6828 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0136 6828 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:30.0138 6828 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:30.0138 6828 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
15.06.2013, 19:07 | #4 |
/// Malware-holic | Hi, scan with Combofix
15.06.2013, 19:48 | #5 |
| Hello, here is the text. Combofix logfile: Code:
ATTFilter ComboFix 13-06-15.01 - Hans-Werner 15.06.2013 20:20:05.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3070.1303 [GMT 2:00] ausgeführt von:: c:\users\Hans-Werner\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Claro LTD\claro\1.8.8.5\bh\clARo.dll c:\program files\Claro LTD\claro\1.8.8.5\clARotlbr.dll c:\program files\DealPly c:\program files\DealPly\DealPly.crx c:\program files\DealPly\DealPly.xpi c:\program files\DealPly\DealPlyIE.dll c:\program files\DealPly\DealPlyIE64.dll c:\program files\DealPly\DealPlyUpdate.exe c:\program files\DealPly\DealPlyUpdateRun.exe c:\program files\DealPly\DealPlyUpdateVer.exe c:\program files\DealPly\icon.ico c:\program files\DealPly\uninst.exe c:\programdata\Services c:\users\Hans-Werner\AppData\Local\assembly\tmp . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-15 bis 2013-06-15 )))))))))))))))))))))))))))))) . . 2013-06-15 18:34 . 2013-06-15 18:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-15 18:34 . 2013-06-15 18:34 -------- d-----w- c:\users\Internert\AppData\Local\temp 2013-06-15 18:34 . 2013-06-15 18:34 -------- d-----w- c:\users\User\AppData\Local\temp 2013-06-15 18:34 . 2013-06-15 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-15 18:23 . 2013-06-15 18:23 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6997227A-27F0-4B63-B6DA-1492BEEC8E6E}\offreg.dll 2013-06-14 17:22 . 
2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6997227A-27F0-4B63-B6DA-1492BEEC8E6E}\mpengine.dll 2013-06-12 20:52 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-12 20:52 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-12 15:56 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 15:56 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 15:56 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 15:56 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 15:56 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 15:56 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 15:56 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 15:56 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 15:56 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 15:56 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 15:56 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 15:56 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-08 13:24 . 2013-06-08 13:24 -------- d-----w- c:\users\Internert\AppData\Local\Wondershare 2013-06-06 19:05 . 2013-06-06 19:05 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Downloaded Installations 2013-06-06 19:04 . 2013-06-06 19:04 -------- d-----w- c:\program files\Microsoft Silverlight 2013-06-06 19:04 . 2013-06-06 19:04 -------- d-----w- c:\programdata\BrowserDefender 2013-06-06 19:04 . 2013-06-06 19:04 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\BabSolution 2013-06-06 19:04 . 2013-06-06 19:04 -------- d-----w- c:\program files\Delta 2013-06-06 19:03 . 
2013-06-06 19:03 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\Delta 2013-06-06 19:03 . 2013-06-06 19:07 -------- d-----w- c:\program files\WebCake 2013-06-06 19:03 . 2013-06-06 19:04 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\WebCake 2013-06-06 19:03 . 2013-06-06 19:03 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\DealPly 2013-06-06 19:03 . 2013-06-06 19:03 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\DSite 2013-06-06 19:03 . 2013-06-06 19:03 -------- d-----w- c:\programdata\Tarma Installer 2013-06-06 19:03 . 2013-06-06 19:03 -------- d-----w- c:\program files\Image Converter 2013-06-04 18:07 . 2013-06-04 18:07 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Apple Computer 2013-06-04 18:07 . 2013-06-04 18:07 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\Apple Computer 2013-06-03 17:13 . 2013-06-03 17:13 -------- d-----w- c:\windows\system32\jmdp 2013-06-03 17:13 . 2013-06-03 17:13 -------- d-----w- c:\windows\system32\ARFC 2013-06-03 17:13 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-06-03 17:13 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-06-03 17:13 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-06-03 17:13 . 2013-05-21 13:31 1167152 ----a-w- c:\windows\system32\dmwu.exe 2013-06-03 17:13 . 2013-05-21 13:28 27136 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-06-03 17:13 . 2013-06-15 06:48 -------- d-----w- c:\windows\system32\WNLT 2013-06-02 15:46 . 2013-06-06 19:12 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\Audacity 2013-06-02 15:45 . 2013-06-02 15:46 -------- d-----w- c:\program files\Audacity 2013-06-02 15:31 . 2013-06-02 15:31 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Xara 2013-06-02 15:31 . 2013-06-02 15:31 -------- d-----w- c:\program files\Common Files\xara 2013-06-02 15:30 . 2013-06-02 15:30 -------- d-----w- c:\program files\Common Files\MAGIX Services 2013-06-02 15:11 . 
2013-06-02 15:11 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Winamp Toolbar 2013-06-02 15:10 . 2013-06-02 15:10 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Wondershare 2013-06-02 15:10 . 2013-06-02 15:10 -------- d-----w- c:\program files\Common Files\Wondershare 2013-05-27 19:20 . 2013-05-27 19:20 -------- d-----w- c:\users\Hans-Werner\Medien 2013-05-27 19:15 . 2013-05-27 19:15 -------- d-----w- c:\users\Hans-Werner\AppData\Local\Telekom 2013-05-27 19:15 . 2013-05-27 19:15 -------- d-----w- c:\users\Hans-Werner\AppData\Roaming\Telekom 2013-05-16 18:41 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 18:41 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 18:41 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-16 18:41 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 18:41 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 18:40 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-16 18:40 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-16 18:40 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 17:32 . 2012-06-09 07:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 17:32 . 2012-06-09 07:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-21 14:03 . 2012-09-25 18:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-05-16 18:35 . 2013-05-16 18:35 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2012-05-31 20:33 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-16 18:41 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 
2013-05-16 18:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-23 18:28 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-11 18:00 . 2013-04-11 18:00 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-11 18:00 . 2013-04-11 18:00 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-11 18:00 . 2013-04-11 18:00 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-11 18:00 . 2013-04-11 18:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-11 18:00 . 2013-04-11 18:00 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-11 18:00 . 2013-04-11 18:00 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-11 18:00 . 2013-04-11 18:00 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-11 18:00 . 2013-04-11 18:00 361984 ----a-w- c:\windows\system32\html.iec 2013-04-11 18:00 . 2013-04-11 18:00 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-11 18:00 . 2013-04-11 18:00 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-11 18:00 . 2013-04-11 18:00 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-11 18:00 . 2013-04-11 18:00 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-11 18:00 . 2013-04-11 18:00 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-11 18:00 . 2013-04-11 18:00 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-11 18:00 . 2013-04-11 18:00 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-11 18:00 . 2013-04-11 18:00 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-11 18:00 . 2013-04-11 18:00 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-30 10:10 . 2013-02-22 17:16 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-30 10:10 . 2013-02-22 17:16 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-30 10:10 . 2013-02-22 17:16 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-20 21:22 . 2013-03-20 21:22 53322 ----a-w- c:\windows\system32\temp.009 2013-03-20 21:22 . 
2013-03-20 21:22 30992 ----a-w- c:\windows\system32\temp.007 2013-03-20 21:22 . 2013-03-20 21:22 180496 ----a-w- c:\windows\system32\temp.008 2013-03-20 21:22 . 2013-03-20 21:22 1503260 ----a-w- c:\windows\system32\temp.00A 2013-03-20 21:22 . 2013-03-20 21:22 379152 ----a-w- c:\windows\system32\temp.006 2013-03-20 21:22 . 2013-03-20 21:22 831562 ----a-w- c:\windows\system32\temp.004 2013-03-20 21:22 . 2013-03-20 21:22 614672 ----a-w- c:\windows\system32\temp.005 2013-03-20 21:22 . 2013-03-20 21:22 421962 ----a-w- c:\windows\system32\temp.003 2013-03-20 21:22 . 2013-03-20 21:22 315466 ----a-w- c:\windows\system32\temp.002 2013-03-20 21:22 . 2013-03-20 21:22 553034 ----a-w- c:\windows\system32\temp.001 2013-03-20 21:22 . 2013-03-20 21:22 241695 ----a-w- c:\windows\system32\temp.000 2013-03-20 21:21 . 2012-12-17 20:04 253952 ------w- c:\windows\Setup1.exe 2013-03-20 21:21 . 2012-12-17 20:04 74752 ----a-w- c:\windows\ST6UNST.EXE 2013-03-19 04:48 . 2013-04-10 14:43 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 14:43 69632 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2012-03-19 1937736] "{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsh0.dll" [2013-03-05 231168] "{04a8dd1a-4754-48fe-a703-99846646ef04}"= "c:\program files\DVDvideoSoft_2.0\prxtbDVDv.dll" [2013-03-05 231168] . [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch] . [HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}] . 
[HKEY_CLASSES_ROOT\clsid\{04a8dd1a-4754-48fe-a703-99846646ef04}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{04a8dd1a-4754-48fe-a703-99846646ef04}] 2013-03-05 12:37 231168 ----a-w- c:\program files\DVDvideoSoft_2.0\prxtbDVDv.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79}] 2013-03-05 13:37 231168 ----a-w- c:\program files\Ashampoo_DE\prxtbAsh0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-05-21 14:03 1991344 ----a-w- c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsh0.dll" [2013-03-05 231168] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll" [2013-05-21 1991344] "{04a8dd1a-4754-48fe-a703-99846646ef04}"= "c:\program files\DVDvideoSoft_2.0\prxtbDVDv.dll" [2013-03-05 231168] . [HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{04a8dd1a-4754-48fe-a703-99846646ef04}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5786D022-540E-4699-B350-B4BE0AE94B79}"= "c:\program files\Ashampoo_DE\prxtbAsh0.dll" [2013-03-05 231168] . [HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync] @="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}] 2013-04-18 16:06 540672 ----a-w- c:\users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync] @="{528EE335-5034-4EFC-834E-63E5F02D2BC2}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}] 2013-04-18 16:06 540672 ----a-w- c:\users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed] @="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}" "ReferenceCount"=dword:00000001 [HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}] 2013-04-18 16:06 540672 ----a-w- c:\users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] "SearchProtect"="c:\users\Hans-Werner\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640] "WebCake Desktop"="c:\users\Hans-Werner\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-05-31 47896] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-09 284696] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-29 8391200] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-29 678432] "LchDrv"="LchDrvKey.exe" [2007-03-28 36864] "WUG0902APP"="CNYHKey.exe" [2009-12-24 5575168] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288] "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-05-21 1226928] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472] "YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-12-23 167008] "Ocs_SM"="c:\users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-28 106496] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-16 345312] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752] "SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . 
c:\users\Hans-Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mediencenter.lnk - c:\users\Hans-Werner\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2013-4-22 526144] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2012-6-3 25214] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] Ralink Wireless Utility.lnk - c:\program files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -s [2012-6-6 638976] RemoteKeySrv.lnk - c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2012-6-3 303104] WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2013\mshaktuell.exe [2013-3-26 1397840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "updateMgr"=c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R0 rseb;rseb; [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-05-16 562744] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-10-14 47176] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-10-14 61312] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-05-21 37664] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-30 37352] S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144] S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-03-30 86752] S2 BackupBoxService;BackupBoxService;c:\program files\abylonsoft\Backup-Tube\BackupBoxService.EXE [2012-04-25 753704] S2 CltMngSvc;Search Protect by Conduit Updater;c:\program 
files\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336] S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-05-21 1167152] S2 RemoteKeySrv;RemoteKeySrv;c:\program files\RemoteKeySrv\RemoteKeySrv.exe [2010-01-11 303104] S2 SearchAnonymizer;SearchAnonymizer;c:\users\Hans-Werner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-01-28 40960] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264] S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984] S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-05-31 23552] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 genport;genport;c:\program files\RemoteKeySrv\GenPort.sys [2005-12-08 4096] S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [2009-10-29 10360] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184] S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [2009-10-29 22392] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2009-05-13 13720] . . 
15.06.2013, 19:55 | #6 |
/// Malware-holic | wssetup from perion network ltd always comes up after the PC starts
Hi, Malwarebytes: please download Malwarebytes
16.06.2013, 16:34 | #7 |
| wssetup from perion network ltd always comes up after the PC starts
Hello Markusg, the scan ran through overnight, and when I wanted to look at the result this morning, the computer had completely frozen. I then ran the scan again. Here is the result:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.15.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Hans-Werner :: HANS-WERNER1 [Administrator]
Schutz: Aktiviert
16.06.2013 09:50:45
mbam-log-2013-06-16 (09-50-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 939406
Laufzeit: 7 Stunde(n), 25 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1516 -> Löschen bei Neustart.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 7
F:\Datensicherung HW\C\Programme\Program Files\PCWELT\0602\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\C\Programme\Cracks Clone CD\CloneCD_v4.0.0.1_by_TMG.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\C\Programme\Cracks Clone CD\cr-clonecd4001.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\Kathrins PC\Datensicherung HW\Programme\Cracks Clone CD\CloneCD_v4.0.0.1_by_TMG.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\Kathrins PC\Datensicherung HW\Programme\Cracks Clone CD\cr-clonecd4001.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\Kathrins PC\Datensicherung HW\Programme\Program Files\PCWELT\0602\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Löschen bei Neustart.
(Ende)

Best regards, Hans-Werner |
16.06.2013, 17:57 | #8 |
/// Malware-holic | wssetup from perion network ltd always comes up after the PC starts
F:\Datensicherung HW\C\Programme\Cracks Clone CD\cr-clonecd4001.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\Kathrins PC\Datensicherung HW\Programme\Cracks Clone CD\CloneCD_v4.0.0.1_by_TMG.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Datensicherung HW\Kathrins PC\Datensicherung HW\Programme\Cracks Clone CD\cr-clonecd4001.zip (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

... since the use of keygens etc. is illegal, the only help given here is with setting the system up again. http://www.trojaner-board.de/95393-c...-software.html
1. Data recovery:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.