Log analysis and evaluation: Virus? Trojan? Recurring window asking to install wssetup.exe from Perion Ltd! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.06.2013, 14:56 | #1 |
Hello dear forum operators,

for about 5 days a User Account Control window has been popping up, asking whether I want to allow changes by the following program:
Program name: wwsetup.exe
Verified publisher: Perion Network Ltd
File origin: Hard drive on this computer
(Windows 7 as the user interface!)

I was confused and clicked Yes by mistake! Then this window kept appearing again while working online and with programs, and after starting the laptop, and I clicked No! Somehow I then panicked, researched online and came across your forum! Then I had my hard drive searched for the file and had it shredded with the McAfee security program. It still shows up when the laptop boots! What do I do??

My laptop hotline (my laptop is only 9 months old) wants a lot of money for professional advice and/or recommends reconfiguring the hard drive with the security CDs! But I have never done that before! Before I make use of that, I would like to know whether I can solve the problem together with you. I am not a PC professional, even though I can do some things myself. I don't know how to take a SCREENSHOT or create a logfile! Just as a note .. maybe that makes it easier for you to help me. I would also like to know how this program was able to sneak in despite McAfee? Can I prevent something like this in the future?

Ah, I have just researched more about logfiles on your homepage, have just now installed Malwarebytes Anti-Malware and am running the full PC scan! Then I can add a logfile here too! Many thanks for your help and time already!!!

Kind regards
solonia

Logfile: Should I delete or remove the file that was found?
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
smenz :: NOTEBOOK-N5050 [Administrator]

Schutz: Aktiviert

10.06.2013 14:11:37
MBAM-log-2013-06-10 (15-51-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351808
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
10.06.2013, 14:57 | #2 |
/// Malware-holic

Hi,

delete the finding. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
10.06.2013, 15:40 | #3 |
Hello markusg,

super fast! So, I have
1. deleted the find in Malware and restarted the PC,
2. run the Quick Scan and did not press Scan, and I hope that was right.

Here are the logfiles:

1. OTL.text: OTL logfile:
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.08 21:00:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.03 15:14:33 | 000,000,000 | ---D | M] [2012.12.12 15:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\smenz\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.11.29 16:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\smenz\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader@ftdownloader.com.xpi ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={77BF8531-4462-11E2-A5A0-844BF557795C} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={77BF8531-4462-11E2-A5A0-844BF557795C} CHR - plugin: Shockwave 
Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: FTdownloader = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - 
Extension: SweetPacks Chrome Extension = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Google Mail = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: FTdownloader = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli\1.0_0\ CHR - Extension: SweetIM for Facebook = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Google Mail = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20121019190708.dll (McAfee, Inc.) 
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121019190708.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2732600908-1742709287-786376233-1000..\Run: [Yontoo Desktop] C:\Users\smenz\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF8049F2-D056-4D77-BBD9-9A4E94121408}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID 
value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.10 16:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.06.10 16:13:22 | 000,000,000 | R--D | C] -- C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.06.10 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Roaming\Malwarebytes [2013.06.10 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.10 14:09:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.06.10 14:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.10 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\Programs [2013.06.10 12:03:10 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C7D57F9F-AC30-486B-91DC-2DA4BE273A0B} [2013.06.10 11:33:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program [2013.06.10 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2013.06.10 11:32:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.09 13:58:50 | 000,000,000 | ---D | C] -- 
C:\Users\smenz\AppData\Local\{611D7DAD-53D3-4DE9-9C4B-830757327AF8} [2013.06.09 12:49:25 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{1B15C7C8-CFE7-4EFC-8144-2BC4EC941DD7} [2013.06.08 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{709CD044-0FC4-4C81-A9F2-3C83376F46E3} [2013.06.08 01:51:20 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{271A1423-9442-4B4A-BC7D-C26645279328} [2013.06.07 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{12EBC70D-40B4-4919-89C3-00C832D819DA} [2013.06.06 23:54:36 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2143C710-40B1-4A7B-9A1A-AE3EF5867B89} [2013.06.06 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{16512E56-DEE7-47F3-A78F-4C82F34E60D6} [2013.06.05 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D06639DF-6B4F-40B9-92E9-906E89F57CCD} [2013.06.04 09:24:08 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{AF7F07C9-948F-47D2-B871-60A66004B1F2} [2013.06.03 13:16:50 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2D9393DF-0BDD-4F07-BF6E-17F0F03930FC} [2013.06.02 15:27:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\jmdp [2013.06.02 15:27:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ARFC [2013.06.02 15:27:54 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) 
-- C:\windows\SysNative\ImHttpComm.dll [2013.06.02 15:27:54 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\WNLT [2013.06.01 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{E137133E-34DF-4263-9583-007908580F25} [2013.06.01 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{AFCB9DCD-C1C1-42E1-A587-B06BE38A724D} [2013.05.31 13:26:45 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C67DDA40-A996-494E-8392-004EC3B2E17D} [2013.05.30 23:57:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{5449B776-B7DC-40FD-AA53-97DF75C23FBF} [2013.05.30 11:31:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{25A24C8A-70D5-4BA8-A333-27E5B83E9168} [2013.05.29 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D5015153-D854-4D5D-8AFA-7E9154EA66EA} [2013.05.29 20:32:50 | 000,000,000 | R--D | C] -- C:\Users\smenz\Desktop\MySyncUPFiles [2013.05.29 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{610835F2-803D-41BA-81BD-075ECF08F419} [2013.05.28 13:44:05 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D63B0617-DF12-4B1A-AB35-82251D271D6F} [2013.05.28 00:10:20 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{DD52A04A-E5A2-4F5D-A66F-18387C35E9E8} [2013.05.27 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{585CE5CE-82C4-493B-86AD-669A482D10D1} [2013.05.26 12:32:31 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{E3505BF6-507B-4808-AE5F-AB9020FCFFA7} [2013.05.25 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{F25B712E-F747-4541-B65F-D8C4C3CAE0EB} [2013.05.24 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{19EB7E9E-7772-449E-A8C7-E7C8912AE47A} [2013.05.24 00:45:23 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{989082A7-B267-4C56-8C7D-835E571478AD} [2013.05.23 14:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows [2013.05.23 14:08:35 | 000,000,000 | ---D | C] -- 
C:\Program Files\My Dell [2013.05.23 10:07:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2AA45AA8-434B-4504-B6BE-FDCB871134BC} [2013.05.22 21:59:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C2F6918A-DE67-47AA-8CB1-E940689B0A5F} [2013.05.22 09:39:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{9F70A087-61A5-4B1A-82F5-509053AF7F3E} [2013.05.21 11:54:25 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{20682498-3E62-489E-983F-07C6DE9A7300} [2013.05.20 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C4FFF70D-E69C-4228-9A02-BDD4A954F979} [2013.05.19 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{3A0B1281-EC1A-4D92-BA3B-39079EF575E9} [2013.05.17 15:03:42 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{40363E5E-84DE-450A-98AC-ABDCABDFC788} [2013.05.16 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{A36EBE10-EF2C-4790-BAA7-759F0755E082} [2013.05.15 09:11:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{A6A659E8-08F9-4E49-9BC6-DF3B362CB74C} [2013.05.14 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{51649E44-F733-4727-AE78-47D0EEEFEF8C} [2013.05.13 10:26:30 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{163E1F8A-F4A9-474E-9A4E-3B9D930448DC} [2013.05.12 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{8A130DC7-D2D0-41F3-93CF-7891980566E5} [2012.10.30 00:15:44 | 001,222,144 | ---- | C] (Amazon.com, Inc.) 
-- C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll [2012.10.30 00:07:00 | 004,814,848 | ---- | C] (Amazon.com) -- C:\Users\smenz\AmazonMP3Downloader.exe ========== Files - Modified Within 30 Days ========== [2013.06.10 16:20:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.10 16:20:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.10 16:12:55 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.10 16:12:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.10 16:12:15 | 3149,086,720 | -HS- | M] () -- C:\hiberfil.sys [2013.06.10 16:02:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.10 15:58:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.10 14:10:00 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.10 13:36:22 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.10 13:36:22 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.10 13:36:22 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.10 13:36:22 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.10 13:36:22 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.10 11:33:37 | 000,246,804 | ---- | M] () -- C:\windows\SysNative\drivers\AtherosBt.bin [2013.06.06 09:02:33 | 000,001,342 | ---- | M] () -- C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) 
-- C:\windows\SysNative\ImHttpComm.dll [2013.05.16 14:45:10 | 000,461,776 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.06.10 14:10:00 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.02 15:27:54 | 001,447,728 | ---- | C] () -- C:\windows\SysNative\dmwu.exe [2012.11.26 19:17:34 | 000,077,225 | ---- | C] () -- C:\Users\smenz\Uninstall.exe [2012.10.29 23:58:40 | 000,010,578 | ---- | C] () -- C:\Users\smenz\cacert.pem [2012.10.29 23:54:34 | 000,010,982 | ---- | C] () -- C:\Users\smenz\Readme.html [2012.10.21 19:02:48 | 000,001,752 | ---- | C] () -- C:\Users\smenz\Browserwahl.lnk [2012.10.19 15:38:50 | 000,103,272 | ---- | C] () -- C:\Users\smenz\GoToAssistDownloadHelper.exe [2012.07.04 19:06:41 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012.07.04 19:06:41 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012.07.04 19:06:41 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2012.07.04 16:50:12 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll [2012.06.08 12:59:19 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2012.06.08 12:59:17 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini [2012.06.08 12:59:17 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2012.06.08 12:59:17 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2012.06.08 12:59:17 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2012.06.08 12:59:17 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2012.06.08 12:59:17 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2012.06.08 12:59:17 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2012.06.08 10:48:16 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.19 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Fingertapps [2013.05.08 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\GlarySoft [2013.05.08 
12:44:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Nokia [2013.05.08 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Nokia Suite [2012.10.21 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\PC Suite [2012.11.05 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\PCDr [2013.05.08 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Similarity [2013.01.23 14:30:41 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Windows Live Writer [2013.06.10 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Yontoo [2012.10.21 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\ZinioReader4 ========== Purity Check ========== < End of report > 2. Extra.text:OTL Logfile: Code:
OTL Extras logfile created on: 10.06.2013 16:24:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\smenz\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 62,24% Memory free
7,82 Gb Paging File | 5,90 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 396,52 Gb Free Space | 88,88% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK-N5050 | User Name: smenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0068B183-036C-445C-AF38-67791C843CB8}" = lport=139 | protocol=6 | dir=in | app=system | "{1A45F29C-A023-46F5-833E-F7F9F8518CCE}" = lport=137 | protocol=17 | dir=in | app=system | "{1FE94176-DD75-4551-AAAE-C7B9C08E7518}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2BA42CC4-A9BD-4FCA-9A28-75142D9DE33A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37CC9C39-8AC8-4C35-B862-B38EC0F38701}" = lport=445 | protocol=6 | dir=in | app=system | "{4C2D7A28-B2A0-4049-80BA-327A0A0ED2D0}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | "{5B5AC33E-2639-40EE-8BDB-B8EA465351E9}" = lport=9702 | 
protocol=6 | dir=in | name=syncup_tcp_9702 | "{5EF88D3A-86F6-42C1-9513-C9E729D8B248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{62C83ECE-C666-4624-8EB5-D461AA234906}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{645EF0BC-0936-4918-82BD-5473613694B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6796B9B7-616F-4E2B-AC88-321C40BFB1B8}" = lport=2869 | protocol=6 | dir=in | app=system | "{6E9ECEAB-04DE-4CF5-B248-05FAFCE51250}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{7988F7CC-E852-4292-8849-D365308F6B1C}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | "{7B2ABBF3-2B8F-4AF2-8898-3E766869BA82}" = rport=10243 | protocol=6 | dir=out | app=system | "{A425D726-55DF-4341-AFB8-06814E1105C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD311DE2-CBA3-4C7A-9D9E-509F22439A5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD828451-810E-4B6F-8F27-4FB04D36DD7E}" = rport=445 | protocol=6 | dir=out | app=system | "{BE422E72-3D81-4A25-A15C-CB83F4ED5557}" = lport=10243 | protocol=6 | dir=in | app=system | "{BEAA9B77-3E66-4407-89AB-7674F434E957}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C29A02C2-7779-45A9-B040-3E4FC9A38F55}" = lport=138 | protocol=17 | dir=in | app=system | "{C7719405-648E-45AF-918D-469B5010F3FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D07C923C-3665-4772-98BC-A1CA41134406}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D0E2A237-D1DE-43BF-9BC9-1C5378381881}" = rport=138 | protocol=17 | dir=out | app=system | "{DB25ED65-A82D-46C3-9AC1-6F3D5C377960}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{E5526404-C750-4B90-8C5F-7C117D1C07AA}" = rport=139 | protocol=6 | dir=out | app=system | "{EBDBE26B-267D-4F46-B520-E7B3907D7DE5}" = rport=137 | protocol=17 | dir=out | app=system | "{EEA7D873-B183-446E-8596-553A8EB7FDF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F0E11838-1508-4000-80B5-199E2DC98A3A}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09EEAA3F-F769-4527-8F11-E1EC65B643A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B524D5B-7013-4C8C-A6ED-E3E18FA517A6}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{0B9BAA5F-746D-459D-A715-9ED1C0A1695D}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{14A535B2-70AB-4D8E-836E-02EA1AD91E59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{157AB060-5786-4508-9F75-FDCC91354422}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | "{16B51A39-9D98-4664-8B46-95AA5B495776}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{188CD4D0-020C-460D-B710-EC3652955DA9}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | "{1BD6DFA1-EC04-4CDF-B311-55D7926CCC54}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{1CA14873-5CFD-4BB6-BD4B-F765244095B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{1D96B4DB-DFC3-41C1-8023-477B08D4A62F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{1ECD6CBB-2AA5-43C9-8ECE-FE1958AA6405}" = protocol=6 | dir=in | app=c:\program files 
(x86)\dell\stage remote\stageremote.exe | "{1EF74F79-CFD1-48EC-AF63-B80807A12925}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{231F1258-BA1E-4ABE-A63D-0BCBCD8640DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{25504C76-7FEF-4F00-A8CA-3610E21D9E63}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{29BDDEF2-1D6A-4799-A472-D1E6C90EFB5C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{2F64EA03-7D12-41D9-87CD-CA12744B7AEF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{329D8120-5C39-4B39-9E93-4D91A00BD513}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{33E9EFBD-D6C7-4054-8021-B4F3397F9654}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{346ECFFE-147D-4A66-851E-01CBC804427B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3EA77141-2235-4818-BE1A-474608679C92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4512D263-D98C-4D07-AD5E-3234433483F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{515F4D34-1EED-4930-9462-7C09B2576E7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{545D3947-7969-4287-9D2B-86BCAED913F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{56B60133-3047-4B69-881D-6E28125F2CAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5E3DBF76-6584-420D-ADB1-4472641B97E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6612785E-9B35-4254-BA87-0477745DEED8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{67364BA1-BC9C-4E96-B3C9-8D56AAF9EE21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6CF4BF08-0344-48F9-AD1F-EBB94AD61AF6}" = 
protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{71479164-AD79-4502-9507-57DACF726FC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7177D2DF-3BE7-47B3-A64B-6EC4AF5753F8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{7F8FB72E-3D7B-4D3F-BE47-7686AE124DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{8F70AF71-1F29-4D5D-ACF8-CBCB68750B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8FDC61EC-A995-4E4D-BD0B-B1CADF264AFC}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{9237CB5A-E25D-4144-93CB-DDA0F8ACEC89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{93251BFF-D2AC-48EA-9D83-1FD963786499}" = protocol=6 | dir=out | app=system | "{988968B5-495C-41C9-8E97-987BC9C8DDD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99DA974B-A2FB-4DFF-973E-B83934FACCAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A3B9D52C-3D25-4E17-8B5A-0C11F0C3DEC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{A4A408A3-6B30-4B69-899E-D6E464694A97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A932D2BA-AF9C-4A98-A5D5-1BBB718AB3F3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{B5FE6105-B8A5-4E66-A509-01E2404E70C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B824F7DE-4B5D-4FC3-B8D4-DD148C1F3720}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBCBB7DA-D695-4AEB-BA0D-08C0EAE95A45}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{C0555001-2F3D-463E-A307-BD90BB05F37A}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{C346BD50-463C-41CE-9DEF-B79CFEB4CC3E}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 
"{C37F9E3A-2429-44D2-9D09-2E72C0FE5B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C6634E21-F5C7-4D8F-808B-4365C04600CF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C7BAEC82-EAE2-4DCC-A814-F49CBA280B62}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{C97B19FF-4056-4A65-B505-9E1353EDE7CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{CBB62232-FCF6-4340-91E0-B198509163BD}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "{D0CC3606-01C0-4F2D-BB45-FFBFE3835995}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{D6A4BB25-A42C-4B31-B837-86177C62383B}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{D7F45D40-77DA-4542-BA8A-F0E9A93D9E66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E9778D99-0049-4A01-B227-74067F8AD6EC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{EC2A9A24-8BA2-458B-B80B-DBE30068B928}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{F199B868-150F-4562-8395-FE3A2DAE364D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{F45F8380-B06B-4C4A-BE26-5EF14E7376E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{68F250EA-9638-4DCF-96C4-D68CC340EC48}" = Google Chrome Extension Updater 1.12.02 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PC-Doctor for Windows" = My Dell [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}" = Similarity 1.8.1 "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft 
Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI 
(German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows 
Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1ClickDownload" = FTDownloader "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Advanced Audio FX Engine" = Advanced Audio FX Engine "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Dell Webcam Central" = Dell Webcam Central "Google Chrome" = Google Chrome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "MSC" = McAfee SecurityCenter "Office14.SingleImage" = Microsoft Office Home and Student 2010 "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "WNLT" = IB Updater Service "WT089409" = Bejeweled 2 Deluxe "WT089411" = Build-a-lot 2 "WT089412" = Cake Mania "WT089413" = 
Chuzzle Deluxe "WT089414" = Diner Dash 2 Restaurant Rescue "WT089415" = Dora's World Adventure "WT089418" = FATE "WT089420" = Jewel Quest "WT089422" = Jewel Quest Solitaire 2 "WT089433" = Polar Golfer "WT089434" = Escape Whisper Valley (TM) "WT089440" = Namco All-Stars PAC-MAN "WT089444" = Final Drive Nitro "WT089445" = Penguins! "WT089446" = Wedding Dash - Ready, Aim, Love! "WT089448" = Zuma Deluxe "WT089450" = Farm Frenzy "WT089452" = Plants vs. Zombies - Game of the Year "WT089499" = Final Drive Fury "WT089503" = Samantha Swift "WT089507" = Luxor "WT089508" = Polar Bowler "ZinioReader4" = Zinio Reader 4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2732600908-1742709287-786376233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.04.2013 13:27:34 | Computer Name = notebook-n5050 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Kindle.exe, Version: 1.10.5.40382, Zeitstempel: 0x50bd934d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6e6f6974 ID des fehlerhaften Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0x01ce3f7e998c0430 Pfad der fehlerhaften Anwendung: C:\Users\smenz\AppData\Local\Amazon\Kindle\application\Kindle.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: eae894c5-ab71-11e2-8111-844bf557795c Error - 23.04.2013 03:58:53 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 23.04.2013 17:46:58 | Computer Name = notebook-n5050 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2dfec 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000179aac ID des fehlerhaften Prozesses: 0xb00 Startzeit der fehlerhaften Anwendung: 0x01ce3ff84e970d67 Pfad der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\windows\system32\SHELL32.dll Berichtskennung: 52430078-ac5f-11e2-84db-844bf557795c Error - 24.04.2013 06:39:03 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 24.04.2013 11:23:21 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 04:03:06 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 04:17:41 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 25.04.2013 08:28:12 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 26.04.2013 10:06:22 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = Error - 27.04.2013 04:45:52 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 12.05.2013 13:46:21 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 12.05.2013 13:46:21 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 12.05.2013 13:46:22 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 14.05.2013 11:53:32 | Computer Name = notebook-n5050 | Source = DCOM | ID = 10010
Description =

Error - 15.05.2013 04:03:27 | Computer Name = notebook-n5050 | Source = DCOM | ID = 10010
Description =

Error - 15.05.2013 12:26:51 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde nicht richtig gestartet.

Error - 19.05.2013 15:36:56 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 30.05.2013 10:27:47 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Atheros Bt&Wlan Coex Agent erreicht.

Error - 05.06.2013 11:13:21 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error - 10.06.2013 07:35:08 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

< End of report >

Should I save these reports somewhere else as well? I suppose it continues from here now, right? Thanks, Solonia |
10.06.2013, 17:57 | #4 |
/// Malware-holic | Virus? Trojan? Recurring window asking to install wssetup.exe from Perion Ltd! Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.06.2013, 18:19 | #5 |
| Virus? Trojan? Recurring window asking to install wssetup.exe from Perion Ltd! Hello markusg, here are the results! Two threats were found:
1. Logfile:
19:07:51.0960 6788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:53.0575 6788 ============================================================
19:07:53.0575 6788 Current date / time: 2013/06/10 19:07:53.0575
19:07:53.0575 6788 SystemInfo:
19:07:53.0575 6788
19:07:53.0575 6788 OS Version: 6.1.7601 ServicePack: 1.0
19:07:53.0575 6788 Product type: Workstation
19:07:53.0575 6788 ComputerName: NOTEBOOK-N5050
19:07:53.0575 6788 UserName: smenz
19:07:53.0575 6788 Windows directory: C:\windows
19:07:53.0575 6788 System windows directory: C:\windows
19:07:53.0575 6788 Running under WOW64
19:07:53.0575 6788 Processor architecture: Intel x64
19:07:53.0575 6788 Number of processors: 2
19:07:53.0575 6788 Page size: 0x1000
19:07:53.0575 6788 Boot type: Normal boot
19:07:53.0575 6788 ============================================================
19:07:54.0340 6788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:54.0355 6788 ============================================================
19:07:54.0355 6788 \Device\Harddisk0\DR0:
19:07:54.0355 6788 MBR partitions:
19:07:54.0355 6788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
19:07:54.0355 6788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
19:07:54.0355 6788 ============================================================
19:07:54.0387 6788 C: <-> \Device\Harddisk0\DR0\Partition2
19:07:54.0387 6788 ============================================================
19:07:54.0387 6788 Initialize success
19:07:54.0387 6788 ============================================================
19:08:59.0969 6320 Deinitialize success
2. Logfile:
19:09:19.0509 7604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:09:19.0680 7604 ============================================================
19:09:19.0680 7604 Current date / time: 2013/06/10 19:09:19.0680
19:09:19.0680 7604 SystemInfo:
19:09:19.0680 7604
19:09:19.0680 7604 OS Version: 6.1.7601 ServicePack: 1.0
19:09:19.0680 7604 Product type: Workstation
19:09:19.0680 7604 ComputerName: NOTEBOOK-N5050
19:09:19.0680 7604 UserName: smenz
19:09:19.0680 7604 Windows directory: C:\windows
19:09:19.0680 7604 System windows directory: C:\windows
19:09:19.0680 7604 Running under WOW64
19:09:19.0680 7604 Processor architecture: Intel x64
19:09:19.0680 7604 Number of processors: 2
19:09:19.0680 7604 Page size: 0x1000
19:09:19.0680 7604 Boot type: Normal boot
19:09:19.0680 7604 ============================================================
19:09:20.0180 7604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:20.0195 7604 ============================================================
19:09:20.0195 7604 \Device\Harddisk0\DR0:
19:09:20.0195 7604 MBR partitions:
19:09:20.0195 7604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
19:09:20.0195 7604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
19:09:20.0195 7604 ============================================================
19:09:20.0211 7604 C: <-> \Device\Harddisk0\DR0\Partition2
19:09:20.0211 7604 ============================================================
19:09:20.0211 7604 Initialize success
19:09:20.0211 7604 ============================================================
19:11:51.0063 6480 ============================================================
19:11:51.0063 6480 Scan started
19:11:51.0063 6480 Mode: Manual; SigCheck; TDLFS;
19:11:51.0063 6480
============================================================ 19:11:51.0734 6480 ================ Scan system memory ======================== 19:11:51.0734 6480 System memory - ok 19:11:51.0734 6480 ================ Scan services ============================= 19:11:52.0233 6480 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 19:11:52.0420 6480 1394ohci - ok 19:11:52.0451 6480 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 19:11:52.0483 6480 ACPI - ok 19:11:52.0514 6480 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 19:11:52.0607 6480 AcpiPmi - ok 19:11:52.0810 6480 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:11:52.0826 6480 AdobeARMservice - ok 19:11:53.0278 6480 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:11:53.0309 6480 AdobeFlashPlayerUpdateSvc - ok 19:11:53.0372 6480 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 19:11:53.0419 6480 adp94xx - ok 19:11:53.0481 6480 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 19:11:53.0512 6480 adpahci - ok 19:11:53.0543 6480 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 19:11:53.0590 6480 adpu320 - ok 19:11:53.0637 6480 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 19:11:53.0777 6480 AeLookupSvc - ok 19:11:53.0887 6480 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 19:11:53.0949 6480 AESTFilters - ok 19:11:54.0152 6480 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 19:11:54.0199 6480 AFD - ok 19:11:54.0214 6480 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 19:11:54.0261 6480 agp440 - ok 19:11:54.0261 6480 [ 
3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 19:11:54.0323 6480 ALG - ok 19:11:54.0323 6480 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 19:11:54.0339 6480 aliide - ok 19:11:54.0339 6480 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 19:11:54.0355 6480 amdide - ok 19:11:54.0355 6480 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 19:11:54.0370 6480 AmdK8 - ok 19:11:54.0386 6480 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 19:11:54.0401 6480 AmdPPM - ok 19:11:54.0401 6480 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 19:11:54.0417 6480 amdsata - ok 19:11:54.0433 6480 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 19:11:54.0448 6480 amdsbs - ok 19:11:54.0448 6480 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 19:11:54.0464 6480 amdxata - ok 19:11:54.0495 6480 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys 19:11:54.0589 6480 ApfiltrService - ok 19:11:54.0604 6480 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 19:11:54.0791 6480 AppID - ok 19:11:54.0823 6480 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 19:11:54.0901 6480 AppIDSvc - ok 19:11:54.0947 6480 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll 19:11:54.0994 6480 Appinfo - ok 19:11:55.0025 6480 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 19:11:55.0041 6480 arc - ok 19:11:55.0057 6480 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 19:11:55.0057 6480 arcsas - ok 19:11:55.0400 6480 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:11:55.0431 6480 aspnet_state - ok 
19:11:55.0447 6480 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 19:11:55.0509 6480 AsyncMac - ok 19:11:55.0525 6480 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 19:11:55.0540 6480 atapi - ok 19:11:55.0571 6480 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\windows\system32\DRIVERS\btath_flt.sys 19:11:55.0634 6480 AthBTPort - ok 19:11:55.0681 6480 [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU C:\windows\system32\Drivers\AthDfu.sys 19:11:55.0805 6480 ATHDFU - ok 19:11:55.0915 6480 [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe 19:11:55.0930 6480 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning 19:11:55.0930 6480 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1) 19:11:55.0977 6480 [ 44FB485B94A8332D877F659366CEDBC8 ] AtherosSvc C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe 19:11:55.0993 6480 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning 19:11:55.0993 6480 AtherosSvc - detected UnsignedFile.Multi.Generic (1) 19:11:56.0086 6480 [ 80D6820DDB5427363A9D3F2137441C83 ] athr C:\windows\system32\DRIVERS\athrx.sys 19:11:56.0195 6480 athr - ok 19:11:56.0414 6480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 19:11:56.0476 6480 AudioEndpointBuilder - ok 19:11:56.0492 6480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 19:11:56.0539 6480 AudioSrv - ok 19:11:56.0570 6480 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 19:11:56.0648 6480 AxInstSV - ok 19:11:56.0710 6480 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 19:11:56.0757 6480 b06bdrv - ok 19:11:56.0773 6480 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 19:11:56.0835 6480 b57nd60a - ok 19:11:56.0866 6480 [ 
FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 19:11:56.0897 6480 BDESVC - ok 19:11:56.0897 6480 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 19:11:56.0944 6480 Beep - ok 19:11:56.0991 6480 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 19:11:57.0038 6480 BFE - ok 19:11:57.0069 6480 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 19:11:57.0178 6480 BITS - ok 19:11:57.0209 6480 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 19:11:57.0241 6480 blbdrive - ok 19:11:57.0272 6480 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 19:11:57.0319 6480 bowser - ok 19:11:57.0350 6480 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 19:11:57.0397 6480 BrFiltLo - ok 19:11:57.0412 6480 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 19:11:57.0428 6480 BrFiltUp - ok 19:11:57.0506 6480 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 19:11:57.0553 6480 Browser - ok 19:11:57.0553 6480 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 19:11:57.0599 6480 Brserid - ok 19:11:57.0599 6480 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 19:11:57.0631 6480 BrSerWdm - ok 19:11:57.0631 6480 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 19:11:57.0662 6480 BrUsbMdm - ok 19:11:57.0662 6480 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 19:11:57.0693 6480 BrUsbSer - ok 19:11:57.0755 6480 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\windows\system32\drivers\btath_a2dp.sys 19:11:57.0818 6480 BTATH_A2DP - ok 19:11:57.0849 6480 [ A9DF22429E8D69ED849B0BBBE16BD327 ] BTATH_BUS C:\windows\system32\DRIVERS\btath_bus.sys 19:11:57.0880 6480 BTATH_BUS - ok 19:11:57.0896 
6480 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\windows\system32\DRIVERS\btath_hcrp.sys 19:11:57.0911 6480 BTATH_HCRP - ok 19:11:57.0958 6480 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\windows\system32\DRIVERS\btath_lwflt.sys 19:11:58.0005 6480 BTATH_LWFLT - ok 19:11:58.0036 6480 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\windows\system32\DRIVERS\btath_rcp.sys 19:11:58.0099 6480 BTATH_RCP - ok 19:11:58.0145 6480 [ FF59EE1DDAC776246F43BF434194650F ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys 19:11:58.0208 6480 BtFilter - ok 19:11:58.0255 6480 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys 19:11:58.0301 6480 BthEnum - ok 19:11:58.0348 6480 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 19:11:58.0395 6480 BTHMODEM - ok 19:11:58.0395 6480 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 19:11:58.0426 6480 BthPan - ok 19:11:58.0457 6480 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys 19:11:58.0598 6480 BTHPORT - ok 19:11:58.0645 6480 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 19:11:58.0676 6480 bthserv - ok 19:11:58.0754 6480 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys 19:11:58.0785 6480 BTHUSB - ok 19:11:58.0801 6480 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 19:11:58.0832 6480 cdfs - ok 19:11:58.0847 6480 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 19:11:58.0925 6480 cdrom - ok 19:11:58.0957 6480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 19:11:59.0019 6480 CertPropSvc - ok 19:11:59.0050 6480 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\windows\system32\drivers\cfwids.sys 19:11:59.0081 6480 cfwids - ok 19:11:59.0113 6480 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 
19:11:59.0144 6480 circlass - ok 19:11:59.0159 6480 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 19:11:59.0175 6480 CLFS - ok 19:11:59.0315 6480 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:11:59.0347 6480 clr_optimization_v2.0.50727_32 - ok 19:11:59.0409 6480 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:11:59.0440 6480 clr_optimization_v2.0.50727_64 - ok 19:11:59.0627 6480 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:11:59.0674 6480 clr_optimization_v4.0.30319_32 - ok 19:11:59.0705 6480 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:11:59.0737 6480 clr_optimization_v4.0.30319_64 - ok 19:11:59.0893 6480 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 19:11:59.0939 6480 CmBatt - ok 19:11:59.0955 6480 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 19:11:59.0955 6480 cmdide - ok 19:11:59.0986 6480 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys 19:12:00.0033 6480 CNG - ok 19:12:00.0049 6480 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys 19:12:00.0064 6480 Compbatt - ok 19:12:00.0064 6480 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 19:12:00.0095 6480 CompositeBus - ok 19:12:00.0111 6480 COMSysApp - ok 19:12:00.0111 6480 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 19:12:00.0127 6480 crcdisk - ok 19:12:00.0158 6480 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 19:12:00.0189 6480 CryptSvc - ok 19:12:00.0236 6480 [ DF214BFF646880D0EB31BDC86136B29B ] 
CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys 19:12:00.0298 6480 CtClsFlt - ok 19:12:00.0329 6480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 19:12:00.0407 6480 DcomLaunch - ok 19:12:00.0423 6480 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 19:12:00.0517 6480 defragsvc - ok 19:12:00.0517 6480 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 19:12:00.0563 6480 DfsC - ok 19:12:00.0579 6480 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 19:12:00.0657 6480 Dhcp - ok 19:12:00.0657 6480 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 19:12:00.0751 6480 discache - ok 19:12:00.0766 6480 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 19:12:00.0782 6480 Disk - ok 19:12:00.0813 6480 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 19:12:00.0860 6480 Dnscache - ok 19:12:00.0875 6480 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 19:12:00.0922 6480 dot3svc - ok 19:12:01.0094 6480 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 19:12:01.0172 6480 DPS - ok 19:12:01.0203 6480 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 19:12:01.0250 6480 drmkaud - ok 19:12:01.0297 6480 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 19:12:01.0343 6480 DXGKrnl - ok 19:12:01.0375 6480 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 19:12:01.0437 6480 EapHost - ok 19:12:01.0515 6480 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 19:12:01.0640 6480 ebdrv - ok 19:12:01.0655 6480 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 19:12:01.0702 6480 EFS - ok 19:12:01.0780 6480 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 19:12:01.0858 6480 
ehRecvr - ok 19:12:01.0858 6480 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 19:12:01.0889 6480 ehSched - ok 19:12:01.0936 6480 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 19:12:01.0999 6480 elxstor - ok 19:12:01.0999 6480 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 19:12:02.0061 6480 ErrDev - ok 19:12:02.0217 6480 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 19:12:02.0311 6480 EventSystem - ok 19:12:02.0326 6480 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 19:12:02.0357 6480 exfat - ok 19:12:02.0373 6480 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 19:12:02.0420 6480 fastfat - ok 19:12:02.0467 6480 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 19:12:02.0498 6480 Fax - ok 19:12:02.0513 6480 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 19:12:02.0529 6480 fdc - ok 19:12:02.0545 6480 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 19:12:02.0607 6480 fdPHost - ok 19:12:02.0623 6480 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 19:12:02.0654 6480 FDResPub - ok 19:12:02.0685 6480 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 19:12:02.0685 6480 FileInfo - ok 19:12:02.0701 6480 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 19:12:02.0732 6480 Filetrace - ok 19:12:02.0732 6480 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 19:12:02.0747 6480 flpydisk - ok 19:12:02.0763 6480 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 19:12:02.0779 6480 FltMgr - ok 19:12:02.0825 6480 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll 19:12:02.0888 6480 FontCache - ok 
19:12:02.0919 6480 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:12:02.0935 6480 FontCache3.0.0.0 - ok 19:12:02.0966 6480 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 19:12:02.0966 6480 FsDepends - ok 19:12:02.0981 6480 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 19:12:02.0981 6480 Fs_Rec - ok 19:12:03.0013 6480 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 19:12:03.0028 6480 fvevol - ok 19:12:03.0044 6480 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 19:12:03.0059 6480 gagp30kx - ok 19:12:03.0122 6480 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 19:12:03.0169 6480 GamesAppService - ok 19:12:03.0340 6480 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 19:12:03.0387 6480 gpsvc - ok 19:12:03.0481 6480 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:12:03.0512 6480 gupdate - ok 19:12:03.0512 6480 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:12:03.0527 6480 gupdatem - ok 19:12:03.0574 6480 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:12:03.0590 6480 gusvc - ok 19:12:03.0621 6480 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 19:12:03.0652 6480 hcw85cir - ok 19:12:03.0683 6480 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 19:12:03.0730 6480 HdAudAddService - ok 19:12:03.0730 6480 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 19:12:03.0793 6480 HDAudBus - ok 19:12:03.0808 6480 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\windows\system32\drivers\HidBatt.sys 19:12:03.0824 6480 HidBatt - ok 19:12:03.0824 6480 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 19:12:03.0855 6480 HidBth - ok 19:12:03.0871 6480 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 19:12:03.0886 6480 HidIr - ok 19:12:03.0902 6480 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 19:12:03.0980 6480 hidserv - ok 19:12:03.0995 6480 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys 19:12:04.0042 6480 HidUsb - ok 19:12:04.0105 6480 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys 19:12:04.0105 6480 HipShieldK - ok 19:12:04.0136 6480 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 19:12:04.0198 6480 hkmsvc - ok 19:12:04.0214 6480 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 19:12:04.0245 6480 HomeGroupListener - ok 19:12:04.0276 6480 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 19:12:04.0401 6480 HomeGroupProvider - ok 19:12:04.0479 6480 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 19:12:04.0526 6480 HpSAMD - ok 19:12:04.0541 6480 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 19:12:04.0588 6480 HTTP - ok 19:12:04.0604 6480 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 19:12:04.0604 6480 hwpolicy - ok 19:12:04.0635 6480 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 19:12:04.0651 6480 i8042prt - ok 19:12:04.0682 6480 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 19:12:04.0697 6480 iaStor - ok 19:12:04.0791 6480 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 
19:12:04.0807 6480 IAStorDataMgrSvc - ok 19:12:04.0838 6480 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 19:12:04.0869 6480 iaStorV - ok 19:12:04.0931 6480 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:12:04.0994 6480 idsvc - ok 19:12:05.0275 6480 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 19:12:05.0602 6480 igfx - ok 19:12:05.0649 6480 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 19:12:05.0680 6480 iirsp - ok 19:12:05.0711 6480 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 19:12:05.0836 6480 IKEEXT - ok 19:12:05.0914 6480 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 19:12:05.0977 6480 IntcDAud - ok 19:12:05.0992 6480 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 19:12:06.0008 6480 intelide - ok 19:12:06.0023 6480 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 19:12:06.0055 6480 intelppm - ok 19:12:06.0070 6480 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 19:12:06.0117 6480 IPBusEnum - ok 19:12:06.0117 6480 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 19:12:06.0195 6480 IpFilterDriver - ok 19:12:06.0226 6480 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 19:12:06.0273 6480 iphlpsvc - ok 19:12:06.0289 6480 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 19:12:06.0320 6480 IPMIDRV - ok 19:12:06.0335 6480 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 19:12:06.0382 6480 IPNAT - ok 19:12:06.0398 6480 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 19:12:06.0429 6480 IRENUM - ok 19:12:06.0429 6480 [ 
2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 19:12:06.0445 6480 isapnp - ok 19:12:06.0460 6480 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 19:12:06.0476 6480 iScsiPrt - ok 19:12:06.0491 6480 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 19:12:06.0491 6480 kbdclass - ok 19:12:06.0507 6480 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 19:12:06.0523 6480 kbdhid - ok 19:12:06.0538 6480 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 19:12:06.0538 6480 KeyIso - ok 19:12:06.0569 6480 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 19:12:06.0585 6480 KSecDD - ok 19:12:06.0679 6480 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 19:12:06.0725 6480 KSecPkg - ok 19:12:06.0913 6480 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 19:12:06.0991 6480 ksthunk - ok 19:12:07.0022 6480 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 19:12:07.0115 6480 KtmRm - ok 19:12:07.0147 6480 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 19:12:07.0193 6480 LanmanServer - ok 19:12:07.0209 6480 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 19:12:07.0271 6480 LanmanWorkstation - ok 19:12:07.0287 6480 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 19:12:07.0349 6480 lltdio - ok 19:12:07.0365 6480 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 19:12:07.0412 6480 lltdsvc - ok 19:12:07.0427 6480 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 19:12:07.0474 6480 lmhosts - ok 19:12:07.0537 6480 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 
============================================================
19:12:30.0453 5232 Detected object count: 2
19:12:30.0453 5232 Actual detected object count: 2
19:14:59.0995 5232 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:59.0995 5232 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:59.0995 5232 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:59.0995 5232 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks! I look forward to further instructions! Regards, solonia |
10.06.2013, 21:18 | #6 |
/// Malware-holic | Hi, take it easy, there's a lot to do today. Scan with Combofix
10.06.2013, 21:56 | #7 |
| Hi, I didn't mean to sound impatient! That's not how it was meant! I really appreciate your help and am happy to wait! So, I had deactivated the firewall, anti-spam and active scan of McAfee, deleted Malwarebytes and then ran Combofix! It just finished ... There were no problems starting Combofix .. the laptop didn't switch itself off or anything! And here is the log file: Code:
ATTFilter ComboFix 13-06-08.02 - smenz 10.06.2013 22:39:08.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4004.2357 [GMT 2:00] ausgeführt von:: c:\users\smenz\Desktop\Downloads\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll c:\users\smenz\GoToAssistDownloadHelper.exe c:\users\smenz\Uninstall.exe c:\windows\RPSETUP.EXE.LOG . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-10 bis 2013-06-10 )))))))))))))))))))))))))))))) . . 2013-06-10 20:45 . 2013-06-10 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-10 12:10 . 2013-06-10 12:10 -------- d-----w- c:\users\smenz\AppData\Roaming\Malwarebytes 2013-06-10 12:09 . 2013-06-10 12:09 -------- d-----w- c:\programdata\Malwarebytes 2013-06-10 12:09 . 2013-06-10 12:09 -------- d-----w- c:\users\smenz\AppData\Local\Programs 2013-06-10 09:33 . 2013-06-10 09:33 -------- d-----w- c:\program files (x86)\Common Files\Atheros 2013-06-02 13:27 . 2013-06-02 13:28 -------- d-----w- c:\windows\SysWow64\jmdp 2013-06-02 13:27 . 2013-06-02 13:27 -------- d-----w- c:\windows\SysWow64\ARFC 2013-06-02 13:27 . 2013-06-06 18:15 -------- d-----w- c:\windows\SysWow64\WNLT 2013-06-02 13:27 . 
2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe 2013-06-02 13:27 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-05-23 12:09 . 2013-05-23 12:09 -------- d-----w- c:\programdata\PC-Doctor for Windows 2013-05-23 12:08 . 2013-05-23 12:09 -------- d-----w- c:\program files\My Dell 2013-05-15 16:35 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 16:35 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 16:35 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 16:35 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 16:35 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 16:35 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 16:34 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 16:34 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 16:34 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 16:34 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 16:34 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 16:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 17:03 . 2012-10-24 11:56 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 09:58 . 2012-07-04 14:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 09:58 . 2012-07-04 14:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-08 09:10 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-07 10:08 . 2013-05-07 10:08 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-07 10:08 . 
2013-05-07 10:08 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-07 10:08 . 2013-05-07 10:08 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-07 10:08 . 2013-05-07 10:08 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-07 10:08 . 2013-05-07 10:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-07 10:08 . 2013-05-07 10:08 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-07 10:08 . 2013-05-07 10:08 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-07 10:08 . 2013-05-07 10:08 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-07 10:08 . 2013-05-07 10:08 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-07 10:08 . 2013-05-07 10:08 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-07 10:08 . 2013-05-07 10:08 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-07 10:08 . 2013-05-07 10:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-07 10:08 . 2013-05-07 10:08 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-07 10:08 . 2013-05-07 10:08 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-07 10:08 . 2013-05-07 10:08 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-07 10:08 . 2013-05-07 10:08 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-07 10:08 . 2013-05-07 10:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-07 10:08 . 2013-05-07 10:08 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-07 10:08 . 2013-05-07 10:08 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-07 10:08 . 2013-05-07 10:08 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-07 10:08 . 2013-05-07 10:08 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-07 10:08 . 2013-05-07 10:08 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-07 10:08 . 2013-05-07 10:08 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-07 10:08 . 2013-05-07 10:08 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-07 10:08 . 
2013-05-07 10:08 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-07 10:08 . 2013-05-07 10:08 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-07 10:08 . 2013-05-07 10:08 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-07 10:08 . 2013-05-07 10:08 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-07 10:08 . 2013-05-07 10:08 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-07 10:08 . 2013-05-07 10:08 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-07 10:08 . 2013-05-07 10:08 441856 ----a-w- c:\windows\system32\html.iec 2013-05-07 10:08 . 2013-05-07 10:08 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-07 10:08 . 2013-05-07 10:08 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-07 10:08 . 2013-05-07 10:08 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-07 10:08 . 2013-05-07 10:08 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-07 10:08 . 2013-05-07 10:08 235008 ----a-w- c:\windows\system32\url.dll 2013-05-07 10:08 . 2013-05-07 10:08 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-07 10:08 . 2013-05-07 10:08 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-07 10:08 . 2013-05-07 10:08 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-07 10:08 . 2013-05-07 10:08 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-07 10:08 . 2013-05-07 10:08 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-07 10:08 . 2013-05-07 10:08 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-07 10:08 . 2013-05-07 10:08 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-07 10:08 . 2013-05-07 10:08 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-07 10:08 . 2013-05-07 10:08 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-07 10:08 . 2013-05-07 10:08 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-07 10:08 . 2013-05-07 10:08 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-07 10:08 . 
2013-05-07 10:08 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-07 10:08 . 2013-05-07 10:08 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-13 05:49 . 2013-05-15 16:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 16:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 16:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 16:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 16:35 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 16:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 10:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-19 06:04 . 2013-04-10 12:32 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:32 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:32 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:32 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:32 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:32 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yontoo Desktop"="c:\users\smenz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-01-31 42784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-05-09 577536] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] "Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] . 
c:\users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local 
Backup\sftservice.EXE [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 11:18 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 09:58] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360] "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.cafeastrology.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Amazon MP3-Downloader - c:\users\smenz\Uninstall.exe AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-10 22:47:26 ComboFix-quarantined-files.txt 2013-06-10 20:47 . Vor Suchlauf: 9 Verzeichnis(se), 428.269.539.328 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 428.813.332.480 Bytes frei . - - End Of File - - D87664577282455FE64C7E03D9A218AB D41D8CD98F00B204E9800998ECF8427E

So, it will probably continue tomorrow now? I'll be awake for a while yet (1.5-2 hours in any case), but please, no pressure! I could also go to bed and carry on tomorrow, right? I am so grateful for your help here! One more question: I have mostly just sent the log files, and with the TDSS rootkit module I did not delete the files. Was all of that right? Kind regards, s |
10.06.2013, 22:45 | #8 |
/// Malware-holic | Why was Malwarebytes run? Nothing had been said about that yet. Above all, where is the report? http://www.trojaner-board.de/125889-...en-posten.html
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.06.2013, 23:07 | #9 |
| Hello, well, I sent the Malwarebytes report at the beginning of the thread! See right at the top, and I sent the log file along with it! Do you remember? And then I deleted the detected item afterwards, which you had also instructed me to do! And I deleted Malwarebytes because I was sure whether it would prevent combofix from running! I can download it again at any time! Everything okay? To be safe, here is the log file from the beginning of this thread once more:

Logfile:
[CODE]
Logfile: Should I delete or remove the file that was found?
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.10.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
smenz :: NOTEBOOK-N5050 [Administrator]
Schutz: Aktiviert
10.06.2013 14:11:37
MBAM-log-2013-06-10 (15-51-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351808
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
[/CODE]

Regards, solonia |
10.06.2013, 23:18 | #10 |
/// Malware-holic | Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Ah, I thought you had created another one. :-) Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After each program you need, write necessary. After each one you do not need, unnecessary. After ones unknown to you, unknown. Post the list.
11.06.2013, 00:03 | #11 |
| Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Hello at this late hour! Yes, I am really glad that the misunderstandings are cleared up. :-)! Here is the list of installed programs with the requested classification: Code:
Adobe AIR Adobe Systems Incorporated 29.01.2013 3.5.0.1060 NECESSARY
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00 MB 11.7.700.202 NECESSARY
Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 15.05.2013 480 MB 10.1.7 NECESSARY
Advanced Audio FX Engine Creative Technology Ltd 07.12.2012 1.12.05 UNKNOWN
Amazon Kindle Amazon 16.12.2012 NECESSARY
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 26.11.2012 1.0.17 NECESSARY
CCleaner Piriform 24.05.2013 4.02 Still NECESSARY?
Dell DataSafe Local Backup Dell Inc. 04.07.2012 9.4.67 NECESSARY
Dell DataSafe Local Backup - Support Software Dell Inc. 04.07.2012 9.4.67 NECESSARY
Dell DataSafe Online Dell 04.07.2012 6,46 MB 2.1.19634 NECESSARY
Dell MusicStage Fingertapps 04.07.2012 90,4 MB 1.6.225.0 NECESSARY
Dell PhotoStage ArcSoft 04.07.2012 165 MB 1.5.0.130 NECESSARY
Dell Stage Fingertapps 04.07.2012 86,1 MB 1.7.209.0 NECESSARY
Dell Stage Remote ArcSoft 04.07.2012 80,8 MB 2.0.0.43 NECESSARY
Dell Touchpad ALPS ELECTRIC CO., LTD. 04.07.2012 7.1207.101.225 NECESSARY
Dell Webcam Central Creative Technology Ltd 07.12.2012 2.01.17 NECESSARY
Dell WLAN and Bluetooth Client Installation Dell Inc. 10.06.2013 9.0 NECESSARY
eBay eBay Inc. 04.07.2012 604 KB 1.4.0 Unknown
FTDownloader FTDownloader.com 12.12.2012 2.1 Build 26473 UNKNOWN, NECESSARY?
Google Chrome Google Inc. 19.10.2012 27.0.1453.110 NECESSARY
Google Earth Google 23.03.2013 173 MB 7.0.3.8542 NECESSARY
Google Toolbar for Internet Explorer Google Inc. 19.01.2013 7.4.3607.2246 NECESSARY
IB Updater Service 02.06.2013 3.0.5.4 ^ UNKNOWN
Intel(R) Control Center Intel Corporation 11.06.2013 1.2.1.1007 NECESSARY
Intel(R) Management Engine Components Intel Corporation 11.06.2013 7.0.0.1144 NECESSARY
Intel(R) Processor Graphics Intel Corporation 11.06.2013 8.15.10.2342 NECESSARY
Intel(R) Rapid Storage Technology Intel Corporation 11.06.2013 10.1.2.1004 NECESSARY
Internet Explorer Toolbar 4.6 by SweetPacks SweetIM Technologies Ltd. 12.12.2012 4,27 MB 4.6.0004 UNNECESSARY
McAfee SecurityCenter McAfee, Inc. 29.05.2013 11.6.511 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.06.2012 38,8 MB 4.0.30319 NECESSARY
Microsoft .NET Framework 4 Extended Microsoft Corporation 08.06.2012 51,9 MB 4.0.30319 NECESSARY
Microsoft Office Home and Student 2010 Microsoft Corporation 20.10.2012 14.0.6029.1000 NECESSARY
Microsoft Silverlight Microsoft Corporation 14.03.2013 50,6 MB 5.1.20125.0 NECESSARY
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.07.2012 1,69 MB 3.1.0000 NECESSARY
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.10.2012 300 KB 8.0.61001 NECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.07.2012 234 KB 9.0.30729 NECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.07.2012 240 KB 9.0.30729 NECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.07.2012 596 KB 9.0.30729.4148 NECESSARY
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.10.2012 600 KB 9.0.30729.6161 NECESSARY
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 24.10.2012 11,0 MB 10.0.30319 NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.10.2012 1,27 MB 4.20.9870.0 UNKNOWN NECESSARY
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.10.2012 1,33 MB 4.20.9876.0 UNKNOWN
My Dell PC-Doctor, Inc. 23.05.2013 128 MB 3.3.6261.27 NECESSARY
Nokia Connectivity Cable Driver Nokia 23.01.2013 3,96 MB 7.1.101.0 NECESSARY
Octoshape add-in for Adobe Flash Player 30.10.2012 NECESSARY NECESSARY
PC Connectivity Solution Nokia 23.01.2013 21,2 MB 12.0.76.0 NECESSARY
Quickset64 Dell Inc. 04.07.2012 6,82 MB 10.09.25 NECESSARY
Realtek Ethernet Controller Driver Realtek 04.07.2012 7.45.516.2011 NECESSARY
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 04.07.2012 6.1.7600.30126 NECESSARY
Shared C Run-time for x64 McAfee 25.10.2012 2,78 MB 10.0.0 NECESSARY
Similarity 1.8.1 GAR Software 08.05.2013 4,92 MB 1.8.1626 NECESSARY
Skype™ 5.10 Skype Technologies S.A. 20.10.2012 19,4 MB 5.10.116 NECESSARY
SweetIM for Messenger 3.7 SweetIM Technologies Ltd. 12.12.2012 5,12 MB 3.7.0007 unnecessary
SyncUP Nero AG 04.07.2012 288 MB 10.2.16500 NECESSARY
Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 12.12.2012 2,76 MB 1.1.0008 unnecessary
VideoStage 11.06.2013 NECESSARY
WildTangent-Spiele WildTangent 04.07.2012 1.0.2.5 Never played! Unknown! But it was always on the laptop!
Windows Live Essentials Microsoft Corporation 04.07.2012 15.4.3508.1109 Necessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 04.07.2012 5,57 MB 15.4.5722.2 NECESSARY
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 23.01.2013 05/31/2012 7.1.2.0 NECESSARY
Yontoo 1.10.03 Yontoo LLC 10.10.2012 1,27 MB 1.10.03 UNKNOWN
Zinio Reader 4 Zinio LLC 04.07.2012 4.2.4164 UNKNOWN

Regards, solonia

Hello markusg! I have another question about what I am allowed to do on the side right now. Yesterday I kept surfing the internet, read on the Kindle, downloaded a book from Amazon, checked my e-mails via Windows Live, created a Microsoft account, and started burning the PC data such as pictures and documents to a CD as a backup, and wrote one or two documents in Word. The data backup, was that a stupid idea? Should I wait with that until the cleanup is finished and dispose of the burned CD? Oh yes, and surfing with Internet Explorer 10.0 no longer works, only with Chrome, since yesterday evening! To be more precise, what am I allowed to do on the side at the moment, and what should I avoid if possible? I did no more online banking yesterday! Okay, thanks as always! S. |
11.06.2013, 12:17 | #12 |
/// Malware-holic | Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Uninstall: Adobe Flash Player (all).
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Security (Enhanced): check Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, remove the check mark at "use JavaScript".
Under Updater, choose install automatically.
Apply / OK.
Uninstall:
eBay
Google Toolbar: please do without toolbars, they are only an additional risk and slow down the browser.
IB Updater
Internet Explorer Toolbar
SweetIM
Update Manager
Yontoo
Zinio
Open CCleaner, analyze, run, restart the PC. Surfing etc. is OK, you do not have to reinstall the system. Please download AdwCleaner to your desktop.
Reset IE to default. Resetting Internet Explorer 7 settings
11.06.2013, 13:42 | #13 |
| Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Hello markusg, I have deleted all the programs mentioned! Deleted Adobe Reader and Flash Player and installed them again! Questions before I download AdwCleaner: Uninstall Adobe AIR as well? Settings in Adobe Reader: all made, only under Security (Enhanced) I checked Enhanced Security, but what is meant by select all files? There are none! There is only the "Add files" window further down? So, I am downloading the cleaner now. I have already reset IE to default and restarted the PC. I hope that was not too hasty and that I should not have done it only after the AdwCleaner run. Regards and see you ... :-)! Solonia |
11.06.2013, 13:44 | #14 |
/// Malware-holic | Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Hi, under Security (Enhanced), what is selected is files from potentially unsafe locations; choose all there. Adobe AIR can go.
11.06.2013, 14:00 | #15 |
| Virus? Trojan? Recurring window to install wssetup.exe from Perion Ltd! Hi again, markusg! So, Adobe AIR deleted; with all files, in Adobe X it was the check mark for all, protected, open. I have done that. I had CCleaner analyze, and then restart, without running the Run Cleaner box? Sorry for asking again! But better safe than sorry! S. |