Log Analysis and Evaluation: Windows 7: File "dwm.exe" in folder "iswizard05" cannot be deleted
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: File "dwm.exe" in folder "iswizard05" cannot be deleted

Hello Trojaner-Board professionals, this is my first time on your site and I hope I am doing everything according to your rules. So: apparently via an acquaintance's USB stick I got some malware onto my computer (Win7 Pro, SP1). My antivirus software (Trend Micro Titanium) does detect and delete it, but the containing folder and the files are automatically reconstructed, so the antivirus software is constantly working (deleting). I have already downloaded Malwarebytes and run it several times, but without success. So far I have not been able to find any damage to the computer or to any software, but I disconnected the computer from the network right away, which is also the current status. Here are my log files:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:31 on 04/02/2014 (Admin_Mirko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Mirko (ATTENTION: The logged in user is not administrator) on MIRKOS_DELL on 04-02-2014 15:32:29
Running from C:\Users\Mirko\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\PremierColor\dthtml.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel(R) Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-01-31] (Trend Micro Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [DT DL2] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-07-23] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2359832 2013-10-29] (Sony Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-664203464-2089694265-3020698547-1002\...\Run: [tsiVideo] - C:\Windows\SysWOW64\rundll32.exe C:\Users\Mirko\AppData\Local\Temp\\mdi064.dll,runme <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Analoguhr.lnk
ShortcutTarget: Analoguhr.lnk -> C:\Users\Mirko\AppData\Local\Temp\Temp1_clock.zip\CLOCK.EXE ()
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {90699434-2CF0-45A9-B20C-CE9A2C807EDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\..\Interfaces\{40D7FC1B-8AF7-4B01-BA89-D973FE645C48}: [NameServer]192.168.200.2

FireFox:
========
FF ProfilePath: C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Bluhell Firewall - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-29]
FF Extension: Tab Mix Plus - C:\Users\Mirko\AppData\Roaming\Mozilla\Firefox\Profiles\jybocd2l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-09-02]
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []

==================== Services (Whitelisted) =================

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2013-09-02] (Autodesk)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-07-23] (Portrait Displays, Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-05-23] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-23] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-12-04] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-29] (Sony Corporation)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-05-23] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-03] (Broadcom Corporation.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-05-23] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210232 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2012-05-02] (Trend Micro Inc.)
R5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-04 15:32 - 2014-02-04 15:32 - 00021524 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-04 15:32 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:30 - 2014-02-04 15:27 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:30 - 2014-02-04 15:27 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:30 - 2014-02-04 15:23 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:34 - 2014-02-04 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 11:53 - 2014-02-03 12:00 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:43 - 2014-02-04 11:47 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip
2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip
2014-01-27 14:13 - 2014-01-09 09:37 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
2014-01-27 14:13 - 2013-09-01 11:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2014-01-27 14:13 - 2013-07-13 11:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2014-01-27 14:13 - 2013-07-12 21:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2014-01-27 14:13 - 2013-04-05 12:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2014-01-27 14:13 - 2013-03-28 22:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2014-01-27 14:13 - 2013-03-03 13:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2014-01-27 14:13 - 2008-10-30 09:37 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2014-01-27 14:13 - 2008-07-09 09:37 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR
2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR
2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log
2014-01-09 13:55 - 2014-01-09 14:32 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp
2014-01-09 12:28 - 2014-01-09 12:37 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp
2014-01-09 12:27 - 2014-01-09 12:47 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp
2014-01-09 12:22 - 2014-01-09 12:34 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:46 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:28 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp
2014-01-09 12:19 - 2014-01-09 12:22 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:47 - 49241088 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:45 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp
2014-01-09 12:18 - 2014-01-09 12:19 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:27 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp
2014-01-09 12:17 - 2014-01-09 12:18 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:18 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp
2014-01-09 12:16 - 2014-01-09 12:17 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp
2014-01-09 12:11 - 2007-03-23 16:55 - 00035928 _____ (Adobe Systems Incorporated.) C:\Windows\system32\AdobePDF64.dll
2014-01-09 12:07 - 2014-01-09 12:11 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp
2014-01-09 12:04 - 2014-01-09 12:05 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi
2014-01-09 12:03 - 2014-01-09 12:05 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp
2014-01-09 12:01 - 2014-01-09 12:02 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp
2014-01-09 11:54 - 2014-01-09 11:57 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp
2014-01-09 10:57 - 2006-09-29 12:48 - 00033368 ____R (Adobe Systems Incorporated.) C:\Windows\SysWOW64\AdobePDF.dll
2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-06 16:49 - 2014-01-06 16:49 - 00000175 _____ () C:\ProgramData\OutlookFail.20140106.log
2014-01-06 16:43 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\EDrawings
2014-01-06 16:38 - 2014-01-06 16:41 - 00000000 ____D () C:\Users\Mirko\AppData\Local\TempSWSicherungsverzeichnis
2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\SolidWorks
2014-01-06 16:32 - 2014-01-06 16:32 - 00000000 ____D () C:\ProgramData\Simpoe
2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\help_images_otherUI
2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\SolidWorks Visual Studio Tools for Applications
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\DassaultSystemes
2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-01-06 16:07 - 2014-01-06 16:32 - 00000000 ____D () C:\Program Files\SolidWorks Corp
2014-01-06 16:07 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\Visual Studio 2005
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\ProgramData\Apple
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Bonjour
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-01-06 16:05 - 2014-01-06 16:10 - 00000000 ____D () C:\SolidWorks Data
2014-01-06 16:05 - 2014-01-06 16:05 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-01-06 15:48 - 2014-01-06 16:05 - 00000000 ____D () C:\Windows\SolidWorks
2014-01-06 15:48 - 2014-01-06 15:48 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\SolidWorks
2014-01-06 15:47 - 2014-01-19 19:51 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks
2014-01-06 15:38 - 2014-01-06 15:38 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:17 - 2014-01-06 15:33 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DAEMON Tools Lite
2014-01-06 15:16 - 2014-01-06 15:33 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite

==================== One Month Modified Files and Folders =======

2014-02-04 15:32 - 2014-02-04 15:32 - 00021524 _____ () C:\Users\Mirko\Desktop\FRST.txt
2014-02-04 15:32 - 2014-02-04 15:32 - 00000000 ____D () C:\FRST
2014-02-04 15:31 - 2014-02-04 15:31 - 00000000 _____ () C:\Users\Admin_Mirko\defogger_reenable
2014-02-04 15:31 - 2013-08-19 19:02 - 00000000 ____D () C:\Users\Admin_Mirko
2014-02-04 15:30 - 2010-11-21 07:50 - 00701236 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 15:30 - 2010-11-21 07:50 - 00150104 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 15:30 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 15:29 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 15:29 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 15:27 - 2014-02-04 15:30 - 02080256 _____ (Farbar) C:\Users\Mirko\Desktop\02_FRST64.exe
2014-02-04 15:27 - 2014-02-04 15:30 - 00380416 _____ () C:\Users\Mirko\Desktop\03_Gmer-19357.exe
2014-02-04 15:25 - 2013-08-03 23:54 - 01326277 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 15:23 - 2014-02-04 15:30 - 00050477 _____ () C:\Users\Mirko\Desktop\01_Defogger.exe
2014-02-04 15:22 - 2013-08-04 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-04 15:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 15:22 - 2009-07-14 05:51 - 00062248 _____ () C:\Windows\setupact.log
2014-02-04 14:38 - 2013-12-19 16:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 14:01 - 2010-11-21 04:47 - 00471340 _____ () C:\Windows\PFRO.log
2014-02-04 12:58 - 2014-01-04 13:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\genienext
2014-02-04 12:45 - 2014-02-04 12:45 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:35 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Malwarebytes
2014-02-04 12:35 - 2014-02-04 12:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-04 12:34 - 2014-02-04 12:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-04 11:47 - 2014-02-03 11:43 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\CrashDumps
2014-02-03 12:00 - 2014-02-03 11:53 - 00000000 ___RD () C:\Users\Admin_Mirko\Virtual Machines
2014-02-03 11:45 - 2014-01-02 16:52 - 00000000 ___RD () C:\Users\Mirko\Virtual Machines
2014-02-03 11:39 - 2013-12-23 15:53 - 00000000 ____D () C:\Users\Mirko\AppData\Local\CrashDumps
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\PDF Writer
2014-01-27 14:19 - 2014-01-27 14:19 - 00000000 ____D () C:\Users\Mirko\AppData\Local\PDF Writer
2014-01-27 14:13 - 2014-01-27 14:13
- 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\PDF Writer 2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\ProgramData\PDF Writer 2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Common Files\Bullzip 2014-01-27 14:13 - 2014-01-27 14:13 - 00000000 ____D () C:\Program Files\Bullzip 2014-01-20 20:19 - 2013-08-19 19:07 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\Adobe 2014-01-20 20:18 - 2013-08-03 23:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-01-20 20:18 - 2013-08-03 23:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-01-19 19:51 - 2014-01-06 15:47 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\SolidWorks 2014-01-18 07:10 - 2013-11-11 07:15 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\Skype 2014-01-17 15:14 - 2014-01-17 15:14 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\BR 2014-01-17 15:13 - 2014-01-17 15:13 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\BR 2014-01-16 08:32 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-01-16 08:27 - 2014-01-16 08:27 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\WinRAR 2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-01-16 08:25 - 2014-01-16 08:25 - 00000000 ____D () C:\Program Files\WinRAR 2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-01-12 23:26 - 2013-11-11 07:15 - 00000000 ____D () C:\ProgramData\Skype 2014-01-10 11:02 - 2014-01-10 11:02 - 00000175 _____ () C:\ProgramData\OutlookFail.20140110.log 2014-01-09 14:32 - 2014-01-09 13:55 - 43703296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd831_all_incr.msp 2014-01-09 12:47 - 2014-01-09 12:27 - 43396608 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd826_all_incr.msp 2014-01-09 12:47 - 2014-01-09 12:18 - 49241088 _____ () 
C:\Users\Admin_Mirko\Downloads\AcrobatUpd820_all_incr.msp 2014-01-09 12:46 - 2014-01-09 12:19 - 45099008 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd822_all_incr.msp 2014-01-09 12:45 - 2014-01-09 12:18 - 45229056 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd817_all_incr.msp 2014-01-09 12:37 - 2014-01-09 12:28 - 44644864 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd830_all_incr.msp 2014-01-09 12:34 - 2014-01-09 12:22 - 43589632 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd825_all_incr.msp 2014-01-09 12:28 - 2014-01-09 12:19 - 42970624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd823_all_incr.msp 2014-01-09 12:27 - 2014-01-09 12:17 - 18554368 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd816_all_incr.msp 2014-01-09 12:22 - 2014-01-09 12:19 - 09225216 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd824_all_incr.msp 2014-01-09 12:19 - 2014-01-09 12:18 - 02953728 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd821_all_incr.msp 2014-01-09 12:18 - 2014-01-09 12:17 - 03162624 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd815_all_incr.msp 2014-01-09 12:18 - 2014-01-09 12:16 - 10935296 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_incr.msp 2014-01-09 12:17 - 2014-01-09 12:16 - 04498944 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_ce_incr.msp 2014-01-09 12:17 - 2014-01-09 12:16 - 04436992 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd814_all_me_incr.msp 2014-01-09 12:11 - 2014-01-09 12:07 - 40293888 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd813_all_incr.msp 2014-01-09 12:06 - 2013-08-04 00:09 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-01-09 12:05 - 2014-01-09 12:04 - 02251776 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatReaderUpd812_SU1_all.msi 2014-01-09 12:05 - 2014-01-09 12:03 - 20783104 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd812_all_incr.msp 2014-01-09 12:02 - 2014-01-09 12:01 - 11395584 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd811_all_incr.msp 2014-01-09 11:57 - 
2014-01-09 11:54 - 37983232 _____ () C:\Users\Admin_Mirko\Downloads\AcrobatUpd810_efgj_incr.msp 2014-01-09 10:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-01-09 10:23 - 2013-08-04 00:09 - 00000000 ____D () C:\ProgramData\Adobe 2014-01-09 10:14 - 2014-01-09 10:14 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-01-09 09:37 - 2014-01-27 14:13 - 00147456 _____ (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll 2014-01-07 13:31 - 2013-08-19 19:03 - 00117416 _____ () C:\Users\Admin_Mirko\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-07 12:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-01-06 16:49 - 2014-01-06 16:49 - 00000175 _____ () C:\ProgramData\OutlookFail.20140106.log 2014-01-06 16:43 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\EDrawings 2014-01-06 16:41 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\TempSWSicherungsverzeichnis 2014-01-06 16:38 - 2014-01-06 16:38 - 00000000 ____D () C:\Users\Mirko\AppData\Local\SolidWorks 2014-01-06 16:38 - 2013-11-13 09:30 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\NVIDIA 2014-01-06 16:34 - 2013-08-29 09:47 - 00117416 _____ () C:\Users\Mirko\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-06 16:34 - 2009-07-14 05:45 - 00404232 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-06 16:32 - 2014-01-06 16:32 - 00000000 ____D () C:\ProgramData\Simpoe 2014-01-06 16:32 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\SolidWorks Corp 2014-01-06 16:31 - 2014-01-06 16:31 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp 2014-01-06 16:31 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared 2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\help_images_otherUI 2014-01-06 16:29 - 2014-01-06 16:29 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI 2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\SolidWorks Visual Studio 
Tools for Applications 2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DassaultSystemes 2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Local\DassaultSystemes 2014-01-06 16:28 - 2014-01-06 16:28 - 00000000 ____D () C:\ProgramData\DassaultSystemes 2014-01-06 16:28 - 2013-08-27 23:56 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-01-06 16:10 - 2014-01-06 16:05 - 00000000 ____D () C:\SolidWorks Data 2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\ProgramData\SolidWorks 2014-01-06 16:07 - 2014-01-06 16:07 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Users\Admin_Mirko\Documents\Visual Studio 2005 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\ProgramData\Apple 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files\Bonjour 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-01-06 16:06 - 2013-08-27 23:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-01-06 16:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-01-06 16:05 - 2014-01-06 16:05 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-01-06 16:05 - 2014-01-06 15:48 - 00000000 ____D () C:\Windows\SolidWorks 2014-01-06 16:05 - 2013-11-18 14:08 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-01-06 15:48 - 2014-01-06 15:48 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\SolidWorks 2014-01-06 15:38 - 2014-01-06 15:38 - 00000000 ____D () C:\Users\Mirko\AppData\Roaming\DAEMON Tools Lite 2014-01-06 15:33 - 2014-01-06 15:17 - 00000000 ____D () C:\Users\Admin_Mirko\AppData\Roaming\DAEMON Tools Lite 
2014-01-06 15:33 - 2014-01-06 15:16 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite Files to move or delete: ==================== C:\Windows\SysWOW64\nvinit.dll Some content of TEMP: ==================== C:\Users\Admin_Mirko\AppData\Local\Temp\AcDeltree.exe C:\Users\Admin_Mirko\AppData\Local\Temp\htmlayout.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi064.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi164.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi264.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi364.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi464.dll C:\Users\Admin_Mirko\AppData\Local\Temp\mdi564.dll C:\Users\Admin_Mirko\AppData\Local\Temp\toolbar2603500.exe C:\Users\Admin_Mirko\AppData\Local\Temp\uninstall2911743.exe C:\Users\Admin_Mirko\AppData\Local\Temp\uninstall2912881.exe C:\Users\Admin_Mirko\AppData\Local\Temp\Updater.exe C:\Users\Mirko\AppData\Local\Temp\mdi064.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Mirko at 2014-02-04 15:32:45
Running from C:\Users\Mirko\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Titanium (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Titanium (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (x32 Version: - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1 - Adobe Systems)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (x32 Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (Version: 10.2.0.2141 - Bullzip)
Canon MP Navigator EX 1.0 (x32 Version: - )
Canon MP210 series (Version: - )
Canon MP210 series Benutzerregistrierung (x32 Version: - )
Canon My Printer (Version: - )
Canon Utilities Easy-PhotoPrint EX (x32 Version: - )
Canon Utilities Solution Menu (x32 Version: - )
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dell Client System Update (x32 Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (Version: 2.3.00003.072 - Dell Inc.)
Dell Digital Delivery (x32 Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (Version: 2.2.1 - Dell)
Dell Protected Workspace (x32 Version: 2.3.15502 - Invincea, Inc.)
Dell Touchpad (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.1.20.1337 - Intel Corporation)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel)
Intel(R) Network Connections 17.2.154.0 (Version: 17.2.154.0 - Intel) Hidden
Intel(R) Processor Graphics (x32 Version: 8.15.10.2639 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.8.251 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.26.242.3 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Unifying-Software 2.10 (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Online Services-Anmeldeassistent (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.57232 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2762 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA WMI 2.14.0 (Version: 2.14.0 - NVIDIA Corporation)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PIXMA Extended Survey Program (x32 Version: - )
PlayMemories Home (x32 Version: 8.0.10.10290 - Sony Corporation)
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
PremierColor (x32 Version: 2.00.053 - Portrait Displays, Inc.)
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
ScanSoft OmniPage SE 4 (x32 Version: 15.2.0020 - Nuance Communications, Inc.)
SDK (x32 Version: 2.31.009 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.10.0036 - ST Microelectronics)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trend Micro Titanium (Version: 6.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VNC Viewer 5.0.5 (Version: 5.0.5 - RealVNC Ltd)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.6 - Microsoft Corporation)
Windows XP Mode (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
==================== Loaded Modules (whitelisted) =============

2013-08-04 00:01 - 2012-07-23 22:42 - 00080976 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2013-08-03 23:59 - 2013-12-04 02:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-04 00:01 - 2012-07-23 22:42 - 00268368 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2013-08-04 01:40 - 2012-02-01 19:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-27 22:51 - 2012-05-02 20:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
2013-08-27 22:51 - 2012-05-02 20:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll
2012-09-28 05:50 - 2012-09-28 05:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:517
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:569
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:670

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 03:22:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:49:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 02:01:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 01:06:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:59:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 00:43:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:49:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 11:47:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: key.exe, Version: 0.0.0.0, Zeitstempel: 0x52e3653e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x030f2553
ID des fehlerhaften Prozesses: 0x17ec
Startzeit der fehlerhaften Anwendung: 0xkey.exe0
Pfad der fehlerhaften Anwendung: key.exe1
Pfad des fehlerhaften Moduls: key.exe2
Berichtskennung: key.exe3

Error: (02/04/2014 08:02:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 01:38:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: key.exe, Version: 0.0.0.0, Zeitstempel: 0x52e3653e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02f02553
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xkey.exe0
Pfad der fehlerhaften Anwendung: key.exe1
Pfad des fehlerhaften Moduls: key.exe2
Berichtskennung: key.exe3

System errors:
=============
Error: (02/04/2014 03:24:45 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/04/2014 03:22:48 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/04/2014 03:22:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (02/04/2014 03:22:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (02/04/2014 03:22:44 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SEMTEC aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (02/04/2014 02:51:51 PM) (Source: TermService) (User: )
Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
.

Error: (02/04/2014 02:49:54 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (02/04/2014 02:49:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WvPCR" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (02/04/2014 02:49:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SI TSS v1.2.1.41 TCS" ist vom Dienst "TPM-Basisdienste" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%0

Error: (02/04/2014 02:49:50 PM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SEMTEC aufgrund der folgenden Ursache nicht einrichten: %%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Microsoft Office Sessions: ========================= Error: (02/04/2014 03:22:44 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 02:49:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 02:01:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 01:06:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 00:59:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 00:43:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 11:49:06 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/04/2014 11:47:30 AM) (Source: Application Error)(User: ) Description: key.exe0.0.0.052e3653eunknown0.0.0.000000000c0000005030f255317ec01cf21967fb1e32aC:\Users\ADMIN_~1\AppData\Local\Temp\7zE692FA50\key.exeunknownbe91806e-8d89-11e3-ad0e-f01faf30a743 Error: (02/04/2014 08:02:37 AM) (Source: WinMgmt)(User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/03/2014 01:38:26 PM) (Source: Application Error)(User: ) Description: key.exe0.0.0.052e3653eunknown0.0.0.000000000c000000502f0255313b401cf20dcd53a4cd5C:\Users\ADMIN_~1\AppData\Local\Temp\7z64BB73B0\key.exeunknown133c8940-8cd0-11e3-83a7-6c8814f7dfa8 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 16267.77 MB Available physical RAM: 13541.88 MB Total Pagefile: 32533.72 MB Available Pagefile: 29674.41 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:122.13 GB) NTFS Drive j: (Kingston) (Removable) (Total:0.96 GB) (Free:0.4 GB) FAT ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-04 15:40:26 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 LITEONIT rev.DC81 238,47GB Running: 03_Gmer-19357.exe; Driver: C:\Users\ADMIN_~1\AppData\Local\Temp\uwdyiuoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[4480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... 
* 2 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007754af40 7 bytes JMP 000000016fff0260 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077554a60 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077572990 5 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007757efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775a99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775b94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775b9640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000775da500 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd732db0 5 bytes JMP 000007fffd720180 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd7337d0 7 bytes JMP 000007fffd7200d8 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 6 bytes JMP 000007fffd720148 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd74af60 5 bytes JMP 000007fffd720110 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe4a89e0 8 bytes JMP 000007fffd7201f0 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe4abe40 8 bytes JMP 000007fffd7201b8 .text C:\Windows\system32\Dwm.exe[4496] 
C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef336dc88 5 bytes JMP 000007fff31600d8 .text C:\Windows\system32\Dwm.exe[4496] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef336de10 5 bytes JMP 000007fff3160110 .text C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Windows\SysWOW64\rundll32.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Windows\SysWOW64\rundll32.exe[4336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... 
* 2 .text C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Portrait Displays\PremierColor\DTHtml.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Windows\SysWOW64\RunDll32.exe[5664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe[5448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe[4884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... 
* 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 .text C:\Users\Mirko\Desktop\03_Gmer-19357.exe[6304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077811465 2 bytes [81, 77] .text C:\Users\Mirko\Desktop\03_Gmer-19357.exe[6304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778114bb 2 bytes [81, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:6808] 000007fefb492a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:6980] 000007fee0ca4830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6308:7112] 000007fef78f5124 ---- Processes - GMER 2.1 ---- Library C:\Users\Mirko\AppData\Local\Temp\mdi064.dll (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [4336](2014-02-03 10:39:40) 00000000732d0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\24fd5237bd0c Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\24fd5237bd0c (not active ControlSet) ---- EOF - GMER 2.1 ----