|
Pests of all kinds and how to fight them: wssetup.exe at every computer start. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
09.06.2013, 14:50 | #1 |
| wssetup.exe at every computer start Hello Trojaner-Board community, unfortunately for a few days now I have had the problem that WSS Setup opens at every start, and I am now afraid that I have caught something. I have already run my antivirus program (Avast, free version), but unfortunately that did not help. I already looked for a solution in this topic: http://www.trojaner-board.de/136207-...stalliert.html but I did not want to break your golden rule, so I am asking you to help me. I have already run AdwCleaner; here is the report:
Here is the OTL report as well:
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast] E:\Programme unter Windows\Avast Free Antivirus\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] E:\Programme unter Windows\ATI.ACE\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{345874A7-9D59-49CD-8BED-BAC6E98A70D0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BC42012-CBD0-4161-92E7-1D3CDB3E56D1}: DhcpNameServer = 10.74.210.210 10.74.210.211 O20:64bit: - HKLM 
Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.05 21:30:20 | 000,000,039 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{fe67fd91-e9b2-11e1-8276-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fe67fd91-e9b2-11e1-8276-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 00:11:06 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\IAmAlive [2013.06.03 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2013.06.02 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\Amazon Downloader Logs [2013.06.02 16:04:08 | 000,000,000 | ---D | 
C] -- C:\Users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.06.02 15:59:30 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.02 15:59:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.02 15:59:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.06.01 14:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.30 13:17:41 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Roaming\DataDesign [2013.05.30 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign [2013.05.23 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Local\Google [2013.05.23 23:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.05.17 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Local\Chromium [2013.05.17 00:15:13 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\Rockstar Games [2013.05.16 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2013.05.16 22:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2013.05.16 18:29:47 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Roaming\elsterformular [2013.05.16 18:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.05.16 18:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 15:41:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 15:41:55 | 
000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 15:40:45 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.09 15:40:45 | 000,654,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.09 15:40:45 | 000,615,954 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.09 15:40:45 | 000,129,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.09 15:40:45 | 000,106,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.09 15:34:52 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.06.09 15:34:52 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.06.09 15:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 15:34:44 | 4211,900,414 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 14:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.09 14:41:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.06.09 14:41:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.06.09 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.06.09 02:16:07 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.06.02 16:04:08 | 000,000,798 | ---- | M] () -- C:\Users\2Face\Desktop\Uplay.lnk [2013.06.01 14:59:34 | 000,001,594 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.30 13:15:50 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2013.05.23 23:12:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) 
-- C:\Windows\SysNative\ImHttpComm.dll [2013.05.16 19:24:55 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.05.16 10:48:40 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.02 16:04:08 | 000,000,798 | ---- | C] () -- C:\Users\2Face\Desktop\Uplay.lnk [2013.06.02 15:59:30 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.06.01 14:59:34 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.16 19:24:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.03 16:57:02 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.08.24 18:05:01 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.24 18:05:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.08.20 11:19:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.20 11:17:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.20 11:17:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.08.20 11:17:38 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.08.19 00:28:59 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2012.08.19 00:28:59 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2012.08.19 00:28:59 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2012.08.19 00:28:58 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.08.19 00:28:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.08.19 00:28:06 | 000,000,003 | ---- | C] () -- 
Thanks in advance for your time! Kind regards, x2Facex |
09.06.2013, 14:56 | #2 |
/// Malware-holic | wssetup.exe on every computer start Hi,
Please download TDSSKiller.exe and save the file to the desktop.
__________________ |
09.06.2013, 15:16 | #3 |
| wssetup.exe on every computer start Hello Markusg,
Thanks for your quick help. Since I got two reports, I am posting both for you:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:14:08.0102 5696 clr_optimization_v4.0.30319_32 - ok 16:14:08.0108 5696 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:14:08.0115 5696 clr_optimization_v4.0.30319_64 - ok 16:14:08.0117 5696 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:14:08.0125 5696 CmBatt - ok 16:14:08.0128 5696 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:14:08.0134 5696 cmdide - ok 16:14:08.0140 5696 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 16:14:08.0154 5696 CNG - ok 16:14:08.0157 5696 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:14:08.0163 5696 Compbatt - ok 16:14:08.0165 5696 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:14:08.0175 5696 CompositeBus - ok 16:14:08.0177 5696 COMSysApp - ok 16:14:08.0182 5696 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 16:14:08.0191 5696 cphs - ok 16:14:08.0193 5696 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:14:08.0200 5696 crcdisk - ok 16:14:08.0204 5696 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:14:08.0214 5696 CryptSvc - ok 16:14:08.0221 5696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:14:08.0247 5696 DcomLaunch - ok 16:14:08.0251 5696 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:14:08.0275 5696 defragsvc - ok 16:14:08.0278 5696 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:14:08.0298 5696 DfsC - ok 16:14:08.0303 5696 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:14:08.0315 5696 Dhcp - ok 16:14:08.0317 5696 [ 13096B05847EC78F0977F2C0F79E9AB3 ] 
discache C:\Windows\system32\drivers\discache.sys 16:14:08.0338 5696 discache - ok 16:14:08.0341 5696 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:14:08.0347 5696 Disk - ok 16:14:08.0351 5696 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:14:08.0362 5696 Dnscache - ok 16:14:08.0366 5696 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:14:08.0388 5696 dot3svc - ok 16:14:08.0392 5696 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:14:08.0413 5696 DPS - ok 16:14:08.0415 5696 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:14:08.0424 5696 drmkaud - ok 16:14:08.0434 5696 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:14:08.0448 5696 DXGKrnl - ok 16:14:08.0451 5696 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 16:14:08.0473 5696 EapHost - ok 16:14:08.0498 5696 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:14:08.0534 5696 ebdrv - ok 16:14:08.0537 5696 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:14:08.0546 5696 EFS - ok 16:14:08.0555 5696 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:14:08.0570 5696 ehRecvr - ok 16:14:08.0573 5696 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:14:08.0582 5696 ehSched - ok 16:14:08.0588 5696 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:14:08.0600 5696 elxstor - ok 16:14:08.0603 5696 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:14:08.0611 5696 ErrDev - ok 16:14:08.0618 5696 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:14:08.0642 5696 EventSystem - ok 16:14:08.0646 5696 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:14:08.0668 
5696 exfat - ok 16:14:08.0672 5696 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:14:08.0694 5696 fastfat - ok 16:14:08.0702 5696 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:14:08.0716 5696 Fax - ok 16:14:08.0719 5696 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:14:08.0728 5696 fdc - ok 16:14:08.0730 5696 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 16:14:08.0751 5696 fdPHost - ok 16:14:08.0753 5696 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 16:14:08.0775 5696 FDResPub - ok 16:14:08.0777 5696 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:14:08.0784 5696 FileInfo - ok 16:14:08.0786 5696 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:14:08.0807 5696 Filetrace - ok 16:14:08.0809 5696 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:14:08.0816 5696 flpydisk - ok 16:14:08.0821 5696 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:14:08.0830 5696 FltMgr - ok 16:14:08.0833 5696 [ 508401A63E6B1CBF0B9C9A011498731F ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS 16:14:08.0839 5696 FNETTBOH_305 - ok 16:14:08.0841 5696 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS 16:14:08.0846 5696 FNETURPX - ok 16:14:08.0857 5696 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 16:14:08.0875 5696 FontCache - ok 16:14:08.0878 5696 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:14:08.0883 5696 FontCache3.0.0.0 - ok 16:14:08.0886 5696 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:14:08.0893 5696 FsDepends - ok 16:14:08.0895 5696 [ 
6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:14:08.0901 5696 Fs_Rec - ok 16:14:08.0905 5696 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:14:08.0915 5696 fvevol - ok 16:14:08.0917 5696 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:14:08.0924 5696 gagp30kx - ok 16:14:08.0927 5696 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:14:08.0932 5696 GEARAspiWDM - ok 16:14:08.0941 5696 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:14:08.0967 5696 gpsvc - ok 16:14:08.0970 5696 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:14:08.0978 5696 hcw85cir - ok 16:14:08.0983 5696 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:14:08.0995 5696 HdAudAddService - ok 16:14:08.0998 5696 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:14:09.0008 5696 HDAudBus - ok 16:14:09.0010 5696 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:14:09.0019 5696 HidBatt - ok 16:14:09.0021 5696 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:14:09.0032 5696 HidBth - ok 16:14:09.0034 5696 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:14:09.0043 5696 HidIr - ok 16:14:09.0046 5696 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 16:14:09.0067 5696 hidserv - ok 16:14:09.0069 5696 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:14:09.0077 5696 HidUsb - ok 16:14:09.0080 5696 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:14:09.0101 5696 hkmsvc - ok 16:14:09.0105 5696 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:14:09.0115 5696 
HomeGroupListener - ok 16:14:09.0120 5696 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:14:09.0137 5696 HomeGroupProvider - ok 16:14:09.0150 5696 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:14:09.0158 5696 HpSAMD - ok 16:14:09.0166 5696 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:14:09.0192 5696 HTTP - ok 16:14:09.0194 5696 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:14:09.0200 5696 hwpolicy - ok 16:14:09.0203 5696 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:14:09.0212 5696 i8042prt - ok 16:14:09.0219 5696 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:14:09.0229 5696 iaStor - ok 16:14:09.0233 5696 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 16:14:09.0239 5696 IAStorDataMgrSvc - ok 16:14:09.0244 5696 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:14:09.0255 5696 iaStorV - ok 16:14:09.0264 5696 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:14:09.0279 5696 idsvc - ok 16:14:09.0315 5696 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:14:09.0368 5696 igfx - ok 16:14:09.0371 5696 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:14:09.0377 5696 iirsp - ok 16:14:09.0380 5696 [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys 16:14:09.0386 5696 ikbevent - ok 16:14:09.0395 5696 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:14:09.0423 5696 IKEEXT - ok 16:14:09.0425 5696 [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys 
16:14:09.0532 5696 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:14:09.0536 5696 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - warning
16:14:09.0536 5696 Intel(R) ME Service - detected UnsignedFile.Multi.Generic (1)
16:14:12.0601 5696 Spooler - ok 16:14:12.0626 5696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:14:12.0677 5696 sppsvc - ok 16:14:12.0680 5696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:14:12.0702 5696 sppuinotify - ok 16:14:12.0708 5696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:14:12.0720 5696 srv - ok 16:14:12.0725 5696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:14:12.0737 5696 srv2 - ok 16:14:12.0740 5696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:14:12.0750 5696 srvnet - ok 16:14:12.0753 5696 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:14:12.0776 5696 SSDPSRV - ok 16:14:12.0779 5696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:14:12.0801 5696 SstpSvc - ok 16:14:12.0803 5696 Steam Client Service - ok 16:14:12.0805 5696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:14:12.0812 5696 stexstor - ok 16:14:12.0818 5696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:14:12.0835 5696 stisvc - ok 16:14:12.0837 5696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:14:12.0844 5696 swenum - ok 16:14:12.0850 5696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:14:12.0876 5696 swprv - ok 16:14:12.0890 5696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:14:12.0917 5696 SysMain - ok 16:14:12.0920 5696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:14:12.0933 5696 TabletInputService - ok 16:14:12.0937 5696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:14:12.0960 5696 TapiSrv - ok 16:14:12.0963 5696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 
16:14:12.0985 5696 TBS - ok 16:14:13.0001 5696 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:14:13.0027 5696 Tcpip - ok 16:14:13.0041 5696 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:14:13.0063 5696 TCPIP6 - ok 16:14:13.0066 5696 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:14:13.0074 5696 tcpipreg - ok 16:14:13.0077 5696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:14:13.0085 5696 TDPIPE - ok 16:14:13.0087 5696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:14:13.0095 5696 TDTCP - ok 16:14:13.0098 5696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:14:13.0118 5696 tdx - ok 16:14:13.0121 5696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:14:13.0127 5696 TermDD - ok 16:14:13.0135 5696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:14:13.0162 5696 TermService - ok 16:14:13.0164 5696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:14:13.0177 5696 Themes - ok 16:14:13.0179 5696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:14:13.0200 5696 THREADORDER - ok 16:14:13.0203 5696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:14:13.0226 5696 TrkWks - ok 16:14:13.0230 5696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:14:13.0251 5696 TrustedInstaller - ok 16:14:13.0254 5696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:14:13.0274 5696 tssecsrv - ok 16:14:13.0276 5696 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:14:13.0285 5696 TsUsbFlt - ok 16:14:13.0288 5696 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel 
C:\Windows\system32\DRIVERS\tunnel.sys 16:14:13.0309 5696 tunnel - ok 16:14:13.0312 5696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:14:13.0319 5696 uagp35 - ok 16:14:13.0324 5696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:14:13.0347 5696 udfs - ok 16:14:13.0351 5696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:14:13.0361 5696 UI0Detect - ok 16:14:13.0364 5696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:14:13.0371 5696 uliagpkx - ok 16:14:13.0373 5696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:14:13.0381 5696 umbus - ok 16:14:13.0384 5696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:14:13.0391 5696 UmPass - ok 16:14:13.0398 5696 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:14:13.0407 5696 UNS - ok 16:14:13.0412 5696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:14:13.0436 5696 upnphost - ok 16:14:13.0439 5696 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:14:13.0446 5696 USBAAPL64 - ok 16:14:13.0449 5696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:14:13.0457 5696 usbccgp - ok 16:14:13.0460 5696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:14:13.0470 5696 usbcir - ok 16:14:13.0472 5696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:14:13.0480 5696 usbehci - ok 16:14:13.0485 5696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:14:13.0496 5696 usbhub - ok 16:14:13.0498 5696 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:14:13.0506 5696 usbohci - ok 16:14:13.0508 5696 
[ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:14:13.0518 5696 usbprint - ok 16:14:13.0521 5696 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:14:13.0530 5696 usbscan - ok 16:14:13.0532 5696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:14:13.0540 5696 USBSTOR - ok 16:14:13.0543 5696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:14:13.0551 5696 usbuhci - ok 16:14:13.0553 5696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:14:13.0575 5696 UxSms - ok 16:14:13.0577 5696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:14:13.0586 5696 VaultSvc - ok 16:14:13.0588 5696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:14:13.0594 5696 vdrvroot - ok 16:14:13.0601 5696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:14:13.0626 5696 vds - ok 16:14:13.0628 5696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:14:13.0638 5696 vga - ok 16:14:13.0640 5696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:14:13.0660 5696 VgaSave - ok 16:14:13.0664 5696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:14:13.0673 5696 vhdmp - ok 16:14:13.0675 5696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:14:13.0682 5696 viaide - ok 16:14:13.0684 5696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:14:13.0691 5696 volmgr - ok 16:14:13.0696 5696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:14:13.0706 5696 volmgrx - ok 16:14:13.0711 5696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:14:13.0720 5696 volsnap - ok 16:14:13.0724 5696 [ 
5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:14:13.0732 5696 vsmraid - ok 16:14:13.0746 5696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:14:13.0780 5696 VSS - ok 16:14:13.0782 5696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:14:13.0792 5696 vwifibus - ok 16:14:13.0797 5696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:14:13.0821 5696 W32Time - ok 16:14:13.0825 5696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:14:13.0833 5696 WacomPen - ok 16:14:13.0836 5696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:14:13.0856 5696 WANARP - ok 16:14:13.0858 5696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:14:13.0877 5696 Wanarpv6 - ok 16:14:13.0890 5696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:14:13.0912 5696 wbengine - ok 16:14:13.0916 5696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:14:13.0929 5696 WbioSrvc - ok 16:14:13.0934 5696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:14:13.0949 5696 wcncsvc - ok 16:14:13.0952 5696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:14:13.0961 5696 WcsPlugInService - ok 16:14:13.0969 5696 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe 16:14:13.0978 5696 WCUService_STC_IE - ok 16:14:13.0980 5696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:14:13.0987 5696 Wd - ok 16:14:13.0996 5696 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:14:14.0011 5696 Wdf01000 - ok 16:14:14.0014 5696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost 
C:\Windows\system32\wdi.dll 16:14:14.0027 5696 WdiServiceHost - ok 16:14:14.0029 5696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:14:14.0041 5696 WdiSystemHost - ok 16:14:14.0045 5696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:14:14.0059 5696 WebClient - ok 16:14:14.0063 5696 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:14:14.0087 5696 Wecsvc - ok 16:14:14.0090 5696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:14:14.0113 5696 wercplsupport - ok 16:14:14.0116 5696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:14:14.0138 5696 WerSvc - ok 16:14:14.0140 5696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:14:14.0160 5696 WfpLwf - ok 16:14:14.0163 5696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:14:14.0170 5696 WIMMount - ok 16:14:14.0171 5696 WinDefend - ok 16:14:14.0174 5696 WinHttpAutoProxySvc - ok 16:14:14.0184 5696 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:14:14.0206 5696 Winmgmt - ok 16:14:14.0223 5696 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:14:14.0262 5696 WinRM - ok 16:14:14.0266 5696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:14:14.0276 5696 WinUsb - ok 16:14:14.0286 5696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:14:14.0305 5696 Wlansvc - ok 16:14:14.0326 5696 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:14:14.0355 5696 wlidsvc - ok 16:14:14.0358 5696 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:14:14.0366 5696 WmiAcpi - ok 16:14:14.0371 5696 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv 
C:\Windows\system32\wbem\WmiApSrv.exe 16:14:14.0381 5696 wmiApSrv - ok 16:14:14.0382 5696 WMPNetworkSvc - ok 16:14:14.0385 5696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:14:14.0394 5696 WPCSvc - ok 16:14:14.0397 5696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:14:14.0408 5696 WPDBusEnum - ok 16:14:14.0410 5696 [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001 C:\Windows\system32\drivers\WPRO_41_2001.sys 16:14:14.0416 5696 WPRO_41_2001 - ok 16:14:14.0418 5696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:14:14.0439 5696 ws2ifsl - ok 16:14:14.0442 5696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:14:14.0454 5696 wscsvc - ok 16:14:14.0456 5696 WSearch - ok 16:14:14.0475 5696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:14:14.0509 5696 wuauserv - ok 16:14:14.0512 5696 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:14:14.0521 5696 WudfPf - ok 16:14:14.0525 5696 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:14:14.0534 5696 WUDFRd - ok 16:14:14.0537 5696 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:14:14.0547 5696 wudfsvc - ok 16:14:14.0551 5696 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 16:14:14.0562 5696 WwanSvc - ok 16:14:14.0565 5696 ================ Scan global =============================== 16:14:14.0567 5696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:14:14.0571 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:14:14.0577 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:14:14.0581 5696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:14:14.0587 5696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:14:14.0590 
5696 [Global] - ok 16:14:14.0590 5696 ================ Scan MBR ================================== 16:14:14.0592 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:14:14.0686 5696 \Device\Harddisk1\DR1 - ok 16:14:14.0689 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:14:14.0735 5696 \Device\Harddisk0\DR0 - ok 16:14:14.0736 5696 ================ Scan VBR ================================== 16:14:14.0738 5696 [ D4EF3BDE08F48D40FF78B682C33965D3 ] \Device\Harddisk1\DR1\Partition1 16:14:14.0740 5696 \Device\Harddisk1\DR1\Partition1 - ok 16:14:14.0742 5696 [ BC4C10495C899A65E0CD1EFCA003BC0E ] \Device\Harddisk1\DR1\Partition2 16:14:14.0743 5696 \Device\Harddisk1\DR1\Partition2 - ok 16:14:14.0746 5696 [ A4AD29AEA01A1E9032D91B95E9D394D5 ] \Device\Harddisk0\DR0\Partition1 16:14:14.0748 5696 \Device\Harddisk0\DR0\Partition1 - ok 16:14:14.0749 5696 ============================================================ 16:14:14.0749 5696 Scan finished 16:14:14.0749 5696 ============================================================ 16:14:14.0756 3928 Detected object count: 1 16:14:14.0756 3928 Actual detected object count: 1 16:14:38.0436 3928 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:14:38.0436 3928 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:14:50.0196 4832 Deinitialize success |
09.06.2013, 15:17 | #4 |
/// Malware-holic | wssetup.exe at every computer start Looks fine. Scan with Combofix
|
09.06.2013, 15:40 | #5 |
| wssetup.exe at every computer start Here is the Combofix report: Combofix did not perform a restart. Combofix logfile: Code:
ATTFilter ComboFix 13-06-08.02 - 2Face 09.06.2013 16:36:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16278.14214 [GMT 2:00] ausgeführt von:: c:\users\2Face\Desktop\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-09 bis 2013-06-09 )))))))))))))))))))))))))))))) . . 2013-06-09 14:38 . 2013-06-09 14:38 -------- d-----w- c:\users\hedev\AppData\Local\temp 2013-06-09 14:38 . 2013-06-09 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-07 14:19 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3831F00E-CF6D-4A27-97A8-DDDF020EA094}\mpengine.dll 2013-06-02 22:10 . 2013-06-02 22:10 -------- d-----w- c:\programdata\Solidshield 2013-06-02 13:59 . 2013-06-02 13:59 -------- d-----w- c:\windows\SysWow64\jmdp 2013-06-02 13:59 . 2013-06-02 13:59 -------- d-----w- c:\windows\SysWow64\ARFC 2013-06-02 13:59 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe 2013-06-02 13:59 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-06-01 12:59 . 2013-06-01 12:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-01 12:59 . 2013-06-01 12:59 -------- d-----w- c:\program files\iTunes 2013-06-01 12:59 . 2013-06-01 12:59 -------- d-----w- c:\program files\iPod 2013-05-30 11:17 . 2013-05-30 11:17 -------- d-----w- c:\users\2Face\AppData\Roaming\DataDesign 2013-05-30 11:17 . 2013-05-30 11:17 -------- d-----w- c:\program files (x86)\Common Files\DataDesign 2013-05-30 10:44 . 
2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-30 10:44 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-30 10:44 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-05-23 21:14 . 2013-05-23 21:14 -------- d-----w- c:\users\2Face\AppData\Local\Google 2013-05-23 21:13 . 2013-05-23 21:15 -------- d-----w- c:\program files (x86)\Google 2013-05-16 22:15 . 2013-05-16 22:15 -------- d-----w- c:\users\2Face\AppData\Local\Chromium 2013-05-16 21:58 . 2013-05-16 21:58 -------- d-----w- c:\program files (x86)\Rockstar Games 2013-05-16 20:26 . 2013-05-16 20:26 -------- d-----w- c:\programdata\Rockstar Games 2013-05-16 16:29 . 2013-05-16 16:30 -------- d-----w- c:\users\2Face\AppData\Roaming\elsterformular 2013-05-16 16:29 . 2013-05-16 16:29 -------- d-----w- c:\programdata\elsterformular 2013-05-16 08:48 . 2013-06-09 14:21 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp 2013-05-15 14:28 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 14:28 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 14:28 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 14:28 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 14:28 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 14:28 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 14:28 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 14:28 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 14:28 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 14:28 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-09 14:21 . 
2012-08-18 22:27 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2013-06-09 12:41 . 2012-08-24 17:35 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-06-09 12:41 . 2012-08-24 16:05 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-06-09 00:16 . 2012-08-24 16:05 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-30 11:15 . 2012-09-26 00:05 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS 2013-05-16 19:53 . 2012-08-20 08:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-16 19:53 . 2012-08-20 08:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 19:16 . 2012-08-20 08:04 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-09 08:59 . 2013-03-06 19:55 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-03-06 19:55 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2012-08-20 09:28 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2012-08-20 09:28 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2012-08-20 09:28 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2012-08-20 09:28 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2012-08-20 09:28 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2012-08-20 09:28 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2012-08-20 09:28 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2012-08-20 09:28 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2012-08-20 08:00 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-30 10:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-30 10:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-30 10:44 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 
2013-05-30 10:44 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-30 10:44 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-30 10:44 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-25 15:06 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-29 02:01 . 2013-03-29 02:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-29 02:01 . 2013-03-29 02:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-29 02:01 . 2013-03-29 02:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-29 02:01 . 2013-03-29 02:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-29 02:01 . 2013-03-29 02:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-29 02:01 . 2013-03-29 02:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-29 02:01 . 2013-03-29 02:01 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-29 02:01 . 2013-03-29 02:01 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-29 02:01 . 2013-03-29 02:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-29 02:01 . 2013-03-29 02:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-29 02:01 . 2013-03-29 02:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-29 02:01 . 2013-03-29 02:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-29 02:01 . 2013-03-29 02:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-29 02:01 . 2013-03-29 02:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-29 02:01 . 2013-03-29 02:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-29 02:01 . 2013-03-29 02:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-29 02:01 . 2013-03-29 02:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-29 02:01 . 2013-03-29 02:01 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-29 02:01 . 2013-03-29 02:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 02:01 . 
2013-03-29 02:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-29 02:01 . 2013-03-29 02:01 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-29 02:01 . 2013-03-29 02:01 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 02:01 . 2013-03-29 02:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-29 02:01 . 2013-03-29 02:01 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-29 02:01 . 2013-03-29 02:01 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 02:01 . 2013-03-29 02:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-29 02:01 . 2013-03-29 02:01 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 02:01 . 2013-03-29 02:01 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 02:01 . 2013-03-29 02:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-29 02:01 . 2013-03-29 02:01 441856 ----a-w- c:\windows\system32\html.iec 2013-03-29 02:01 . 2013-03-29 02:01 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-29 02:01 . 2013-03-29 02:01 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 02:01 . 2013-03-29 02:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-29 02:01 . 2013-03-29 02:01 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-29 02:01 . 2013-03-29 02:01 235008 ----a-w- c:\windows\system32\url.dll 2013-03-29 02:01 . 2013-03-29 02:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-29 02:01 . 2013-03-29 02:01 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 02:01 . 2013-03-29 02:01 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-29 02:01 . 2013-03-29 02:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 02:01 . 2013-03-29 02:01 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 02:01 . 2013-03-29 02:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-29 02:01 . 2013-03-29 02:01 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-29 02:01 . 
2013-03-29 02:01 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 02:01 . 2013-03-29 02:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-29 02:01 . 2013-03-29 02:01 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 02:01 . 2013-03-29 02:01 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-29 02:01 . 2013-03-29 02:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-29 02:01 . 2013-03-29 02:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-29 02:01 . 2013-03-29 02:01 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-29 02:00 . 2013-03-29 02:00 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-03-29 02:00 . 2013-03-29 02:00 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-03-29 02:00 . 2013-03-29 02:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-03-29 02:00 . 2013-03-29 02:00 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-03-29 02:00 . 2013-03-29 02:00 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-03-29 02:00 . 2013-03-29 02:00 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-03-29 02:00 . 
2013-03-29 02:00 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-03-29 02:00 . 2013-03-29 02:00 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-03-29 02:00 . 2013-03-29 02:00 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-03-29 02:00 . 2013-03-29 02:00 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-03-29 02:00 . 2013-03-29 02:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-03-29 02:00 . 2013-03-29 02:00 296960 ----a-w- c:\windows\system32\d3d10core.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608] "XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-08-18 5019360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064] "ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544] "avast"="e:\programme unter windows\Avast Free Antivirus\avastUI.exe" [2013-05-09 4858968] "StartCCC"="e:\programme unter windows\ATI.ACE\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "iTunesHelper"="e:\programme unter windows\Itunes\iTunesHelper.exe" [2013-05-15 152392] . c:\users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-8-19 2056192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 
aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio 
Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 19:53] . 2013-06-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . 2013-06-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- e:\programme unter windows\Avast Free Antivirus\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:splashtopconnect mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-ASRockXTU - (no file) Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2114312325-3313927327-4253881512-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:60,71,46,47,b0,c3,1c,34,38,0b,20,2c,39,67,a3,b9,f8,2c,97,19,6a,a5,2c, c7,de,6c,cc,d7,1a,ee,38,92,c8,8b,f3,a4,a5,23,d2,8c,9a,a4,26,a5,8b,75,31,94,\ "??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b . 
[HKEY_USERS\S-1-5-21-2114312325-3313927327-4253881512-1000\Software\SecuROM\License information*] "datasecu"=hex:95,74,f9,92,30,c5,89,27,9e,18,bb,e4,a4,2e,52,8a,3c,74,e2,60,e5, 7b,49,cb,aa,5c,8c,ef,0e,0e,00,8a,a1,ab,27,c0,8b,5a,cd,c8,77,22,2b,e1,38,76,\ "rkeysecu"=hex:42,41,35,b4,96,7f,05,e0,7c,cf,51,84,35,fb,0e,d5 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-09 16:39:20 ComboFix-quarantined-files.txt 2013-06-09 14:39 . Vor Suchlauf: 10 Verzeichnis(se), 22.553.628.672 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 22.595.407.872 Bytes frei . - - End Of File - - B8D44A918092366EB0D4A7775F4778C7 D41D8CD98F00B204E9800998ECF8427E |
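Added example, not part of the original thread: a small Python triage of the autostart section of the ComboFix log posted above. It lists the Run-key entries, searches them for an image name such as wssetup.exe, and marks entries outside the usual install directories for a closer look. The function names and the directory list are assumptions of this example, and a marked entry is a review candidate, not a verdict.

```python
import re
from dataclasses import dataclass
from ntpath import basename  # Windows path rules, works on any host OS

# Excerpt from the ComboFix log in the post above. As on the page, the
# records are run together instead of standing one per line.
SAMPLE_LOG = (
    r'REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . '
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '
    r'"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] '
    r'"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] '
    r'"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064] '
    r'"avast"="e:\programme unter windows\Avast Free Antivirus\avastUI.exe" [2013-05-09 4858968] . '
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] '
    r'"ConsentPromptBehaviorAdmin"= 5 (0x5) . '
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '
    r'"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824] '
    r'"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624] .'
)

# Either a registry key header, or a value of the form "name"="path" [date size].
TOKEN = re.compile(
    r'\[(?P<key>HKEY_[^\]]+)\]'
    r'|"(?P<name>[^"\[\]]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]'
)

RUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")

# Assumption of this example: directories where autostart targets usually live.
EXPECTED_DIRS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
)


@dataclass(frozen=True)
class Entry:
    key: str
    name: str
    path: str
    date: str
    size: int

    @property
    def view(self):
        """Registry view the value was read from."""
        return "32-bit" if "\\wow6432node\\" in self.key.lower() else "native"


def parse_autostarts(text):
    """Return the values found under Run/RunOnce keys, in log order."""
    entries, key = [], None
    for m in TOKEN.finditer(text):
        if m.group("key"):
            key = m.group("key")          # a new key header starts here
        elif key and key.lower().endswith(RUN_SUFFIXES):
            entries.append(Entry(key, m.group("name"), m.group("path"),
                                 m.group("date"), int(m.group("size"))))
    return entries


def find_image(entries, image):
    """Entries whose target file name equals `image` (case-insensitive)."""
    return [e for e in entries if basename(e.path).lower() == image.lower()]


def needs_review(entries):
    """Entries whose target lies outside EXPECTED_DIRS (triage only)."""
    return [e for e in entries
            if not e.path.lower().startswith(EXPECTED_DIRS)]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    for e in found:
        mark = "REVIEW" if e in needs_review(found) else "ok"
        print(f"{mark:6} {e.view:6} {e.name:12} {e.path} ({e.date})")
    print("wssetup.exe in Run keys:", bool(find_image(found, "wssetup.exe")))
```

An empty result for wssetup.exe in the Run keys means the launch point is elsewhere, for example a startup-folder shortcut or a scheduled task, which this parser does not cover.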
09.06.2013, 18:05 | #6 |
/// Malware-holic | wssetup.exe at every computer start
Hi, Malwarebytes: please download Malwarebytes
10.06.2013, 10:25 | #7 |
| wssetup.exe at every computer start
Hi Markusg, I have attached the Malwarebytes report for you:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.06.09.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
2Face :: 2FACE-PC [Administrator]
09.06.2013 20:19:46
mbam-log-2013-06-09 (20-19-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364245
Laufzeit: 18 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
10.06.2013, 10:44 | #8 |
/// Malware-holic | wssetup.exe at every computer start
Hi, download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program unknown to you, write "unknown".
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.06.2013, 16:50 | #9 |
| wssetup.exe at every computer start
Hello, attached is the requested list
Crysis(R) Electronic Arts 03.10.2012 6,40GB 1.00.0000 Necessary
Darksiders II Vigil Games 22.12.2012 Necessary
DDBAC DataDesign 30.05.2013 8,84MB 5.3.0 Unknown
Diablo III Blizzard Entertainment 09.06.2013 1.0.8.16603 Necessary
ESN Sonar ESN Social Software AB 14.05.2013 0.70.4 Unknown
Far Cry 3 Ubisoft 27.02.2013 1.05 Necessary
Geeks3D.com FurMark 1.10.6 Geeks3D.com 13.04.2013 7,04MB Unknown
I Am Alive Ubisoft 03.06.2013 2,01GB 1.01.0 Necessary
Intel(R) Control Center Intel Corporation 19.08.2012 1.2.1.1007
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 19.08.2012 54,8MB 1.0.0.35342 Unknown
Intel(R) Management Engine Components Intel Corporation 19.08.2012 8.0.2.1410 Unknown
Intel(R) Processor Graphics Intel Corporation 27.02.2013 9.17.10.2932 Unknown
Intel(R) Rapid Storage Technology Intel Corporation 19.08.2012 11.0.0.1032 Unknown
Intel(R) Smart Connect Technology 2.0 x64 Intel 19.08.2012 6,03MB 2.0.1083.0 Unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 26.01.2012 1.0.3.214 Unknown
Intel® Trusted Connect Service Client Intel Corporation 19.08.2012 10,6MB 1.23.605.1 Unknown
iTunes Apple Inc. 01.06.2013 187MB 11.0.3.42 Unknown
League of Legends Riot Games 03.04.2013 1.3 Necessary
Mafia II 2K Czech 20.08.2012 Necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 19,2MB 1.75.0.1300 Necessary
Max Payne 3 Rockstar Games 16.05.2013 1.0.0.0 Necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.10.2012 38,8MB 4.0.30319 Necessary
Microsoft Games for Windows - LIVE Microsoft Corporation 04.04.2013 8,31MB 3.1.186.0 Necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.12.2012 31,3MB 3.5.92.0 Necessary
Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 Unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.12.2012 300KB 8.0.59193 Unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 03.10.2012 708KB 8.0.61000 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.08.2012 252KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 19.08.2012 788KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.12.2012 786KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2012 240KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.08.2012 596KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.12.2012 598KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2013 13,7MB 10.0.30319 Unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.12.2012 12,2MB 10.0.40219 Unknown
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 44,5MB 21.0 Necessary
NVIDIA PhysX NVIDIA Corporation 21.08.2012 78,9MB 9.10.0513 Unknown
Origin Electronic Arts, Inc. 24.08.2012 9.0.2.2065 Necessary
Pando Media Booster Pando Networks Inc. 20.08.2012 5,46MB 2.6.0.8 Unknown
PlanetSide 2 Sony Online Entertainment 30.11.2012 Not necessary
PunkBuster Services Even Balance, Inc. 27.02.2013 0.993 Necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.08.2012 6.0.1.6559 Necessary
Rockstar Games Social Club Rockstar Games 16.05.2013 1.1.0.1 Necessary
Samsung SSD Magician Samsung Electronics 19.08.2012 35,4MB 3.1 Necessary
SpeedFan (remove only) 17.04.2013 Necessary
Splashtop Connect IE Splashtop Inc. 20.08.2012 1.1.12.1 Unknown
Star Wars: The Old Republic Electronic Arts, Inc. 19.01.2013 27,2MB 1.00 Necessary
Steam Valve Corporation 20.08.2012 42,2MB 1.0.0.0 Necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 21.08.2012 3.0.6 Necessary
The Elder Scrolls V: Skyrim Bethesda Game Studios 24.10.2012 Necessary
THX TruStudio Creative Technology Limited 19.08.2012 1.00.01 Necessary
Uplay Ubisoft 09.06.2013 3.0 Necessary
Warhammer 40,000: Dawn of War - Game of the Year Edition Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Dark Crusade Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Winter Assault Relic 29.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II Relic 22.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ Relic 23.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II – Retribution™ Relic 22.12.2012 Not necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 23.12.2012 10,0MB 6.500.3165.0 Not necessary
XFast LAN v6.61 cFos Software GmbH, Bonn 19.08.2012 6.61 Necessary
XFastUSB ASRock Inc. 19.08.2012 3.02.28 Necessary |
10.06.2013, 19:12 | #10 |
/// Malware-holic | wssetup.exe at every computer start
Your list is not complete, I think. It only starts at C.
10.06.2013, 19:46 | #11 |
| wssetup.exe at every computer start
Acrobat.com Adobe Systems Incorporated 19.08.2012 1.1.377 Necessary
Adobe AIR Adobe Systems Incorporated 17.05.2013 3.7.0.1860 Necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 Necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.05.2013 6,00MB 11.7.700.202 Necessary
Adobe Reader 9 Adobe Systems Incorporated 19.08.2012 202MB 9.0.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 26.01.2013 26,3MB 8.0.903.0 Necessary
Apple Application Support Apple Inc. 01.06.2013 64,7MB 2.3.4 Necessary?
Apple Mobile Device Support Apple Inc. 17.04.2013 25,2MB 6.1.0.13 Necessary?
Apple Software Update Apple Inc. 17.04.2013 2,38MB 2.1.3.127 Necessary?
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 19.08.2012 2,22MB 1.10.1.0
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 19.08.2012 96,0KB 1.3.1.000 Necessary?
ASRock App Charger v1.0.5 ASRock Inc. 19.08.2012 1,32MB Necessary
ASRock eXtreme Tuner v0.1.181 19.08.2012 21,8MB Necessary
ASRock InstantBoot v1.29 19.08.2012 Unknown
ASRock SmartConnect v1.0.6 ASRock Inc. 19.08.2012 3,00MB Unknown
ASRock XFast RAM v2.0.9 ASRock Inc. 19.08.2012 10,6MB Necessary
avast! Free Antivirus AVAST Software 23.05.2013 8.0.1489.0 Necessary
Battlefield 1942™ Electronic Arts 21.11.2012 1,21GB 1.6.20.0 Necessary
Battlefield 3™ Electronic Arts 04.09.2012 1.4.0.0 Necessary
Battlelog Web Plugins EA Digital Illusions CE AB 25.05.2013 2.1.4
BioShock Infinite Irrational Games 10.04.2013 Necessary
Bonjour Apple Inc. 17.04.2013 2,00MB 3.0.0.10 Unknown
Broadcom NetLink Controller Broadcom Corporation 11.11.2012 508KB 14.8.5.1 Unknown
CCleaner Piriform 24.05.2013 4.02 Necessary
Crysis(R) Electronic Arts 03.10.2012 6,40GB 1.00.0000 Necessary
Darksiders II Vigil Games 22.12.2012 Necessary
DDBAC DataDesign 30.05.2013 8,84MB 5.3.0 Unknown
Diablo III Blizzard Entertainment 09.06.2013 1.0.8.16603 Necessary
ESN Sonar ESN Social Software AB 14.05.2013 0.70.4 Unknown
Far Cry 3 Ubisoft 27.02.2013 1.05 Necessary
Geeks3D.com FurMark 1.10.6 Geeks3D.com 13.04.2013 7,04MB Unknown
I Am Alive Ubisoft 03.06.2013 2,01GB 1.01.0 Necessary
Intel(R) Control Center Intel Corporation 19.08.2012 1.2.1.1007
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 19.08.2012 54,8MB 1.0.0.35342 Unknown
Intel(R) Management Engine Components Intel Corporation 19.08.2012 8.0.2.1410 Unknown
Intel(R) Processor Graphics Intel Corporation 27.02.2013 9.17.10.2932 Unknown
Intel(R) Rapid Storage Technology Intel Corporation 19.08.2012 11.0.0.1032 Unknown
Intel(R) Smart Connect Technology 2.0 x64 Intel 19.08.2012 6,03MB 2.0.1083.0 Unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 26.01.2012 1.0.3.214 Unknown
Intel® Trusted Connect Service Client Intel Corporation 19.08.2012 10,6MB 1.23.605.1 Unknown
iTunes Apple Inc. 01.06.2013 187MB 11.0.3.42 Unknown
League of Legends Riot Games 03.04.2013 1.3 Necessary
Mafia II 2K Czech 20.08.2012 Necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 19,2MB 1.75.0.1300 Necessary
Max Payne 3 Rockstar Games 16.05.2013 1.0.0.0 Necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.10.2012 38,8MB 4.0.30319 Necessary
Microsoft Games for Windows - LIVE Microsoft Corporation 04.04.2013 8,31MB 3.1.186.0 Necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.12.2012 31,3MB 3.5.92.0 Necessary
Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 Unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.12.2012 300KB 8.0.59193 Unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 03.10.2012 708KB 8.0.61000 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.08.2012 252KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 19.08.2012 788KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.12.2012 786KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2012 240KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.08.2012 596KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.12.2012 598KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2013 13,7MB 10.0.30319 Unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.12.2012 12,2MB 10.0.40219 Unknown
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 44,5MB 21.0 Necessary
NVIDIA PhysX NVIDIA Corporation 21.08.2012 78,9MB 9.10.0513 Unknown
Origin Electronic Arts, Inc. 24.08.2012 9.0.2.2065 Necessary
Pando Media Booster Pando Networks Inc. 20.08.2012 5,46MB 2.6.0.8 Unknown
PlanetSide 2 Sony Online Entertainment 30.11.2012 Not necessary
PunkBuster Services Even Balance, Inc. 27.02.2013 0.993 Necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.08.2012 6.0.1.6559 Necessary
Rockstar Games Social Club Rockstar Games 16.05.2013 1.1.0.1 Necessary
Samsung SSD Magician Samsung Electronics 19.08.2012 35,4MB 3.1 Necessary
SpeedFan (remove only) 17.04.2013 Necessary
Splashtop Connect IE Splashtop Inc. 20.08.2012 1.1.12.1 Unknown
Star Wars: The Old Republic Electronic Arts, Inc. 19.01.2013 27,2MB 1.00 Necessary
Steam Valve Corporation 20.08.2012 42,2MB 1.0.0.0 Necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 21.08.2012 3.0.6 Necessary
The Elder Scrolls V: Skyrim Bethesda Game Studios 24.10.2012 Necessary
THX TruStudio Creative Technology Limited 19.08.2012 1.00.01 Necessary
Uplay Ubisoft 09.06.2013 3.0 Necessary
Warhammer 40,000: Dawn of War - Game of the Year Edition Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Dark Crusade Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Winter Assault Relic 29.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II Relic 22.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ Relic 23.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II – Retribution™ Relic 22.12.2012 Not necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 23.12.2012 10,0MB 6.500.3165.0 Not necessary
XFast LAN v6.61 cFos Software GmbH, Bonn 19.08.2012 6.61 Necessary
XFastUSB ASRock Inc. 19.08.2012 3.02.28 Necessary
Now then |
10.06.2013, 21:42 | #12 |
/// Malware-holic | wssetup.exe at every computer start
Uninstall: Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick "Enhanced security" and select all files.
Internet: everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, select "install automatically".
Apply / OK
Uninstall: ESN, Geeks3D
Open CCleaner, Analyze, Start, restart the PC.
Please download AdwCleaner to your desktop.
12.06.2013, 10:53 | #13 |
| wssetup.exe at every computer start
Hello Markusg, attached is the requested report. I followed all the steps the way you said. One question remains, though: if I watch videos on the Internet now, does that still work with Adobe Flash Player, or have I now suppressed it completely? The game League of Legends requires an Adobe AIR program. So I should probably install that again, right? Could you perhaps explain to me what kind of programs ESN and Geeks3D are? According to the homepage, ESN is a VoIP provider? What Geeks3D is, however, I don't know.
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 12/06/2013 um 11:47:45 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : 2Face - 2FACE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\2Face\Desktop\System\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\WNLT
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (de)
Datei : C:\Users\2Face\AppData\Roaming\Mozilla\Firefox\Profiles\0srcexbt.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [7898 octets] - [09/06/2013 15:33:52]
AdwCleaner[S2].txt - [1009 octets] - [12/06/2013 11:47:45]
########## EOF - C:\AdwCleaner[S2].txt - [1069 octets] ########## |
12.06.2013, 14:14 | #14 |
/// Malware-holic | wssetup.exe at every computer start
If you have reinstalled Flash, that's fine. If Adobe AIR is needed, go ahead and put it on :-) Adobe - Adobe AIR
Geeks3D should have something to do with graphics editing.
ESN seems to have something to do with VoIP.
HitmanPro - Download - Filepony
Please download HitmanPro, double-click it, click Scan. Do not delete anything, click Next, save the log and post it, or pack it and attach it.
12.06.2013, 15:15 | #15 |
| wssetup.exe at every computer start
How do I pack files together? Unfortunately I don't have a suitable program for that on the computer. Can I still post it as it is? |