
Pests of all kinds and how to combat them: wssetup.exe at every computer start

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

09.06.2013, 14:50   #1
x2Facex

wssetup.exe at every computer start

Hello Trojaner-Board community,

unfortunately, for a few days now I have had the problem that WSS Setup opens at every startup, and I am now afraid that I have caught something.

I have already run my antivirus program (Avast, free version), but unfortunately that did not help.

I already looked for a solution in this topic: http://www.trojaner-board.de/136207-...stalliert.html

but I did not want to break your golden rule, so I am asking you to help me.

I have already run AdwCleaner; here is the report:



Here is the OTL report as well:


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: E:\Programme unter Windows\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: E:\Programme unter Windows\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\Programme unter Windows\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\Programme unter Windows\Mozilla Firefox\plugins

[2012.08.20 10:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2Face\AppData\Roaming\mozilla\Extensions
[2013.05.30 13:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2Face\AppData\Roaming\mozilla\Firefox\Profiles\0srcexbt.default\extensions
[2013.05.30 13:16:42 | 000,000,000 | ---D | M] (DDBAC Plug-In) -- C:\Users\2Face\AppData\Roaming\mozilla\Firefox\Profiles\0srcexbt.default\extensions\{271A3CF5-5A54-447B-A08F-BE805F0DA60A}
[2012.11.16 15:01:56 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\2Face\AppData\Roaming\mozilla\firefox\profiles\0srcexbt.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.23 23:12:02 | 000,000,000 | ---D | M] (avast! Online Security) -- E:\PROGRAMME UNTER WINDOWS\AVAST FREE ANTIVIRUS\WEBREP\FF

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - Extension: Docs = C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Programme unter Windows\Avast Free Antivirus\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] E:\Programme unter Windows\Avast Free Antivirus\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] E:\Programme unter Windows\ATI.ACE\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000..\Run: [ASRockXTU] File not found
O4 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000..\Run: [zASRockInstantBoot] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2114312325-3313927327-4253881512-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{345874A7-9D59-49CD-8BED-BAC6E98A70D0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BC42012-CBD0-4161-92E7-1D3CDB3E56D1}: DhcpNameServer = 10.74.210.210 10.74.210.211
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.05 21:30:20 | 000,000,039 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{fe67fd91-e9b2-11e1-8276-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe67fd91-e9b2-11e1-8276-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.03 00:11:06 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\IAmAlive
[2013.06.03 00:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.06.02 23:47:51 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\Amazon Downloader Logs
[2013.06.02 16:04:08 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.06.02 15:59:30 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.06.02 15:59:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013.06.02 15:59:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013.06.01 14:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.01 14:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.30 13:17:41 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Roaming\DataDesign
[2013.05.30 13:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign
[2013.05.23 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Local\Google
[2013.05.23 23:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.17 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Local\Chromium
[2013.05.17 00:15:13 | 000,000,000 | ---D | C] -- C:\Users\2Face\Documents\Rockstar Games
[2013.05.16 23:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013.05.16 22:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2013.05.16 18:29:47 | 000,000,000 | ---D | C] -- C:\Users\2Face\AppData\Roaming\elsterformular
[2013.05.16 18:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.05.16 18:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.09 15:41:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 15:41:55 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 15:40:45 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.09 15:40:45 | 000,654,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.09 15:40:45 | 000,615,954 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.09 15:40:45 | 000,129,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.09 15:40:45 | 000,106,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.09 15:34:52 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.06.09 15:34:52 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.06.09 15:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 15:34:44 | 4211,900,414 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 14:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 14:41:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.09 14:41:04 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.09 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.06.09 02:16:07 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.02 16:04:08 | 000,000,798 | ---- | M] () -- C:\Users\2Face\Desktop\Uplay.lnk
[2013.06.01 14:59:34 | 000,001,594 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.30 13:15:50 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2013.05.23 23:12:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013.05.16 19:24:55 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.05.16 10:48:40 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.02 16:04:08 | 000,000,798 | ---- | C] () -- C:\Users\2Face\Desktop\Uplay.lnk
[2013.06.02 15:59:30 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013.06.01 14:59:34 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.16 19:24:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.03 16:57:02 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.08.24 18:05:01 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.24 18:05:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.20 11:19:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.20 11:17:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.20 11:17:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.20 11:17:38 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.08.19 00:28:59 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.08.19 00:28:59 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.08.19 00:28:59 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.08.19 00:28:58 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.08.19 00:28:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.08.19 00:28:06 | 000,000,003 | ---- | C] () -- C:\Users\2Face\AppData\Local\user_data.ini
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.19 23:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 23:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.10 12:04:37 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\Bioshock2
[2013.05.30 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\DataDesign
[2013.05.16 18:30:05 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\elsterformular
[2013.03.03 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\Fatshark
[2012.08.20 21:58:11 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\LolClient
[2013.06.09 01:48:25 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\Origin
[2012.08.20 10:35:51 | 000,000,000 | ---D | M] -- C:\Users\2Face\AppData\Roaming\Splashtop

========== Purity Check ==========



< End of report >



Thanks in advance for your time!

Best regards

x2Facex

Alt 09.06.2013, 14:56   #2
markusg
/// Malware-holic
 



hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 09.06.2013, 15:16   #3
x2Facex
 



Hello Markusg,

Thanks for your quick help:

Since I got two reports, I'm posting both for you:

1.

16:13:19.0886 1700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:13:20.0006 1700 ============================================================
16:13:20.0006 1700 Current date / time: 2013/06/09 16:13:20.0006
16:13:20.0006 1700 SystemInfo:
16:13:20.0006 1700
16:13:20.0006 1700 OS Version: 6.1.7601 ServicePack: 1.0
16:13:20.0006 1700 Product type: Workstation
16:13:20.0006 1700 ComputerName: 2FACE-PC
16:13:20.0006 1700 UserName: 2Face
16:13:20.0006 1700 Windows directory: C:\Windows
16:13:20.0006 1700 System windows directory: C:\Windows
16:13:20.0006 1700 Running under WOW64
16:13:20.0006 1700 Processor architecture: Intel x64
16:13:20.0006 1700 Number of processors: 4
16:13:20.0006 1700 Page size: 0x1000
16:13:20.0006 1700 Boot type: Normal boot
16:13:20.0007 1700 ============================================================
16:13:20.0207 1700 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:20.0216 1700 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:20.0220 1700 ============================================================
16:13:20.0220 1700 \Device\Harddisk1\DR1:
16:13:20.0220 1700 MBR partitions:
16:13:20.0220 1700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:20.0220 1700 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
16:13:20.0220 1700 \Device\Harddisk0\DR0:
16:13:20.0220 1700 MBR partitions:
16:13:20.0220 1700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:13:20.0220 1700 ============================================================
16:13:20.0221 1700 C: <-> \Device\Harddisk1\DR1\Partition2
16:13:20.0248 1700 E: <-> \Device\Harddisk0\DR0\Partition1
16:13:20.0248 1700 ============================================================
16:13:20.0248 1700 Initialize success
16:13:20.0248 1700 ============================================================
16:13:38.0699 0204 Deinitialize success



2.



16:13:53.0489 4876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:13:53.0611 4876 ============================================================
16:13:53.0611 4876 Current date / time: 2013/06/09 16:13:53.0611
16:13:53.0611 4876 SystemInfo:
16:13:53.0611 4876
16:13:53.0611 4876 OS Version: 6.1.7601 ServicePack: 1.0
16:13:53.0611 4876 Product type: Workstation
16:13:53.0611 4876 ComputerName: 2FACE-PC
16:13:53.0611 4876 UserName: 2Face
16:13:53.0611 4876 Windows directory: C:\Windows
16:13:53.0611 4876 System windows directory: C:\Windows
16:13:53.0611 4876 Running under WOW64
16:13:53.0611 4876 Processor architecture: Intel x64
16:13:53.0611 4876 Number of processors: 4
16:13:53.0611 4876 Page size: 0x1000
16:13:53.0611 4876 Boot type: Normal boot
16:13:53.0611 4876 ============================================================
16:13:53.0784 4876 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:53.0784 4876 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:53.0787 4876 ============================================================
16:13:53.0787 4876 \Device\Harddisk1\DR1:
16:13:53.0787 4876 MBR partitions:
16:13:53.0787 4876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:53.0787 4876 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
16:13:53.0787 4876 \Device\Harddisk0\DR0:
16:13:53.0787 4876 MBR partitions:
16:13:53.0787 4876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:13:53.0787 4876 ============================================================
16:13:53.0789 4876 C: <-> \Device\Harddisk1\DR1\Partition2
16:13:53.0789 4876 E: <-> \Device\Harddisk0\DR0\Partition1
16:13:53.0789 4876 ============================================================
16:13:53.0789 4876 Initialize success
16:13:53.0789 4876 ============================================================
16:14:06.0494 5696 ============================================================
16:14:06.0494 5696 Scan started
16:14:06.0494 5696 Mode: Manual; SigCheck; TDLFS;
16:14:06.0494 5696 ============================================================
16:14:06.0582 5696 ================ Scan system memory ========================
16:14:06.0582 5696 System memory - ok
16:14:06.0583 5696 ================ Scan services =============================
16:14:06.0613 5696 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:14:06.0651 5696 1394ohci - ok
16:14:06.0656 5696 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:14:06.0666 5696 ACPI - ok
16:14:06.0668 5696 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:14:06.0678 5696 AcpiPmi - ok
16:14:06.0701 5696 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:14:06.0708 5696 AdobeFlashPlayerUpdateSvc - ok
16:14:06.0715 5696 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:14:06.0728 5696 adp94xx - ok
16:14:06.0733 5696 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:14:06.0744 5696 adpahci - ok
16:14:06.0747 5696 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:14:06.0756 5696 adpu320 - ok
16:14:06.0759 5696 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:14:06.0780 5696 AeLookupSvc - ok
16:14:06.0786 5696 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:14:06.0798 5696 AFD - ok
16:14:06.0801 5696 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:14:06.0808 5696 agp440 - ok
16:14:06.0811 5696 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:14:06.0820 5696 ALG - ok
16:14:06.0822 5696 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:14:06.0828 5696 aliide - ok
16:14:06.0833 5696 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:14:06.0844 5696 AMD External Events Utility - ok
16:14:06.0847 5696 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:14:06.0853 5696 amdide - ok
16:14:06.0856 5696 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:14:06.0864 5696 AmdK8 - ok
16:14:06.0937 5696 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:14:07.0040 5696 amdkmdag - ok
16:14:07.0048 5696 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:14:07.0061 5696 amdkmdap - ok
16:14:07.0063 5696 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:14:07.0072 5696 AmdPPM - ok
16:14:07.0075 5696 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:14:07.0082 5696 amdsata - ok
16:14:07.0086 5696 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:14:07.0094 5696 amdsbs - ok
16:14:07.0096 5696 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:14:07.0102 5696 amdxata - ok
16:14:07.0105 5696 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:14:07.0125 5696 AppID - ok
16:14:07.0127 5696 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:14:07.0149 5696 AppIDSvc - ok
16:14:07.0152 5696 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
16:14:07.0161 5696 Appinfo - ok
16:14:09.0532 5696 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
16:14:09.0536 5696 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - warning
16:14:09.0536 5696 Intel(R) ME Service - detected UnsignedFile.Multi.Generic (1)
16:14:11.0945 5696 RDPWD - ok
16:14:11.0949 5696 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:14:11.0957 5696 rdyboost - ok
16:14:11.0960 5696 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:14:11.0982 5696 RemoteAccess - ok
16:14:11.0985 5696 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:14:12.0008 5696 RemoteRegistry - ok
16:14:12.0011 5696 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:14:12.0034 5696 RpcEptMapper - ok
16:14:12.0036 5696 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:14:12.0045 5696 RpcLocator - ok
16:14:12.0051 5696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:14:12.0074 5696 RpcSs - ok
16:14:12.0077 5696 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:14:12.0098 5696 rspndr - ok
16:14:12.0100 5696 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:14:12.0108 5696 SamSs - ok
16:14:12.0111 5696 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:14:12.0118 5696 sbp2port - ok
16:14:12.0122 5696 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:14:12.0145 5696 SCardSvr - ok
16:14:12.0152 5696 [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
16:14:12.0162 5696 SCBackService - ok
16:14:12.0165 5696 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:14:12.0185 5696 scfilter - ok
16:14:12.0195 5696 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:14:12.0226 5696 Schedule - ok
16:14:12.0229 5696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:14:12.0248 5696 SCPolicySvc - ok
16:14:12.0252 5696 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:14:12.0263 5696 SDRSVC - ok
16:14:12.0265 5696 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:14:12.0285 5696 secdrv - ok
16:14:12.0288 5696 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:14:12.0309 5696 seclogon - ok
16:14:12.0312 5696 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:14:12.0334 5696 SENS - ok
16:14:12.0336 5696 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:14:12.0346 5696 SensrSvc - ok
16:14:12.0348 5696 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:14:12.0356 5696 Serenum - ok
16:14:12.0358 5696 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:14:12.0367 5696 Serial - ok
16:14:12.0369 5696 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:14:12.0378 5696 sermouse - ok
16:14:12.0383 5696 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:14:12.0405 5696 SessionEnv - ok
16:14:12.0407 5696 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:14:12.0415 5696 sffdisk - ok
16:14:12.0417 5696 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:14:12.0425 5696 sffp_mmc - ok
16:14:12.0427 5696 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:14:12.0437 5696 sffp_sd - ok
16:14:12.0439 5696 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:12.0447 5696 sfloppy - ok
16:14:12.0452 5696 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:14:12.0476 5696 SharedAccess - ok
16:14:12.0481 5696 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:14:12.0505 5696 ShellHWDetection - ok
16:14:12.0508 5696 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:12.0515 5696 SiSRaid2 - ok
16:14:12.0517 5696 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:12.0524 5696 SiSRaid4 - ok
16:14:12.0527 5696 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:14:12.0548 5696 Smb - ok
16:14:12.0552 5696 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:14:12.0562 5696 SNMPTRAP - ok
16:14:12.0565 5696 [ 0FFE35F0B0CD5A324BBE22F02569AE3B ] speedfan C:\Windows\syswow64\speedfan.sys
16:14:12.0572 5696 speedfan - ok
16:14:12.0574 5696 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:14:12.0581 5696 spldr - ok
16:14:12.0587 5696 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:14:12.0601 5696 Spooler - ok
16:14:12.0626 5696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:14:12.0677 5696 sppsvc - ok
16:14:12.0680 5696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:14:12.0702 5696 sppuinotify - ok
16:14:12.0708 5696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:14:12.0720 5696 srv - ok
16:14:12.0725 5696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:14:12.0737 5696 srv2 - ok
16:14:12.0740 5696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:14:12.0750 5696 srvnet - ok
16:14:12.0753 5696 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:14:12.0776 5696 SSDPSRV - ok
16:14:12.0779 5696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:14:12.0801 5696 SstpSvc - ok
16:14:12.0803 5696 Steam Client Service - ok
16:14:12.0805 5696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:14:12.0812 5696 stexstor - ok
16:14:12.0818 5696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:14:12.0835 5696 stisvc - ok
16:14:12.0837 5696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:14:12.0844 5696 swenum - ok
16:14:12.0850 5696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:14:12.0876 5696 swprv - ok
16:14:12.0890 5696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:14:12.0917 5696 SysMain - ok
16:14:12.0920 5696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:14:12.0933 5696 TabletInputService - ok
16:14:12.0937 5696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:14:12.0960 5696 TapiSrv - ok
16:14:12.0963 5696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:14:12.0985 5696 TBS - ok
16:14:13.0001 5696 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:14:13.0027 5696 Tcpip - ok
16:14:13.0041 5696 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:14:13.0063 5696 TCPIP6 - ok
16:14:13.0066 5696 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:14:13.0074 5696 tcpipreg - ok
16:14:13.0077 5696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:14:13.0085 5696 TDPIPE - ok
16:14:13.0087 5696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:14:13.0095 5696 TDTCP - ok
16:14:13.0098 5696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:14:13.0118 5696 tdx - ok
16:14:13.0121 5696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:14:13.0127 5696 TermDD - ok
16:14:13.0135 5696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:14:13.0162 5696 TermService - ok
16:14:13.0164 5696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:14:13.0177 5696 Themes - ok
16:14:13.0179 5696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:14:13.0200 5696 THREADORDER - ok
16:14:13.0203 5696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:14:13.0226 5696 TrkWks - ok
16:14:13.0230 5696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:14:13.0251 5696 TrustedInstaller - ok
16:14:13.0254 5696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:14:13.0274 5696 tssecsrv - ok
16:14:13.0276 5696 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:14:13.0285 5696 TsUsbFlt - ok
16:14:13.0288 5696 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:14:13.0309 5696 tunnel - ok
16:14:13.0312 5696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:14:13.0319 5696 uagp35 - ok
16:14:13.0324 5696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:14:13.0347 5696 udfs - ok
16:14:13.0351 5696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:14:13.0361 5696 UI0Detect - ok
16:14:13.0364 5696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:14:13.0371 5696 uliagpkx - ok
16:14:13.0373 5696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:14:13.0381 5696 umbus - ok
16:14:13.0384 5696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:14:13.0391 5696 UmPass - ok
16:14:13.0398 5696 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:14:13.0407 5696 UNS - ok
16:14:13.0412 5696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:14:13.0436 5696 upnphost - ok
16:14:13.0439 5696 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:14:13.0446 5696 USBAAPL64 - ok
16:14:13.0449 5696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:14:13.0457 5696 usbccgp - ok
16:14:13.0460 5696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:14:13.0470 5696 usbcir - ok
16:14:13.0472 5696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:14:13.0480 5696 usbehci - ok
16:14:13.0485 5696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:14:13.0496 5696 usbhub - ok
16:14:13.0498 5696 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:14:13.0506 5696 usbohci - ok
16:14:13.0508 5696 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:14:13.0518 5696 usbprint - ok
16:14:13.0521 5696 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:14:13.0530 5696 usbscan - ok
16:14:13.0532 5696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:14:13.0540 5696 USBSTOR - ok
16:14:13.0543 5696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:14:13.0551 5696 usbuhci - ok
16:14:13.0553 5696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:14:13.0575 5696 UxSms - ok
16:14:13.0577 5696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:14:13.0586 5696 VaultSvc - ok
16:14:13.0588 5696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:14:13.0594 5696 vdrvroot - ok
16:14:13.0601 5696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:14:13.0626 5696 vds - ok
16:14:13.0628 5696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:14:13.0638 5696 vga - ok
16:14:13.0640 5696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:14:13.0660 5696 VgaSave - ok
16:14:13.0664 5696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:14:13.0673 5696 vhdmp - ok
16:14:13.0675 5696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:14:13.0682 5696 viaide - ok
16:14:13.0684 5696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:14:13.0691 5696 volmgr - ok
16:14:13.0696 5696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:14:13.0706 5696 volmgrx - ok
16:14:13.0711 5696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:14:13.0720 5696 volsnap - ok
16:14:13.0724 5696 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:14:13.0732 5696 vsmraid - ok
16:14:13.0746 5696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:14:13.0780 5696 VSS - ok
16:14:13.0782 5696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:14:13.0792 5696 vwifibus - ok
16:14:13.0797 5696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:14:13.0821 5696 W32Time - ok
16:14:13.0825 5696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:14:13.0833 5696 WacomPen - ok
16:14:13.0836 5696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:14:13.0856 5696 WANARP - ok
16:14:13.0858 5696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:14:13.0877 5696 Wanarpv6 - ok
16:14:13.0890 5696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:14:13.0912 5696 wbengine - ok
16:14:13.0916 5696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:14:13.0929 5696 WbioSrvc - ok
16:14:13.0934 5696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:14:13.0949 5696 wcncsvc - ok
16:14:13.0952 5696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:14:13.0961 5696 WcsPlugInService - ok
16:14:13.0969 5696 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
16:14:13.0978 5696 WCUService_STC_IE - ok
16:14:13.0980 5696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:14:13.0987 5696 Wd - ok
16:14:13.0996 5696 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:14:14.0011 5696 Wdf01000 - ok
16:14:14.0014 5696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:14:14.0027 5696 WdiServiceHost - ok
16:14:14.0029 5696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:14:14.0041 5696 WdiSystemHost - ok
16:14:14.0045 5696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:14:14.0059 5696 WebClient - ok
16:14:14.0063 5696 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:14:14.0087 5696 Wecsvc - ok
16:14:14.0090 5696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:14:14.0113 5696 wercplsupport - ok
16:14:14.0116 5696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:14:14.0138 5696 WerSvc - ok
16:14:14.0140 5696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:14.0160 5696 WfpLwf - ok
16:14:14.0163 5696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:14:14.0170 5696 WIMMount - ok
16:14:14.0171 5696 WinDefend - ok
16:14:14.0174 5696 WinHttpAutoProxySvc - ok
16:14:14.0184 5696 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:14:14.0206 5696 Winmgmt - ok
16:14:14.0223 5696 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:14:14.0262 5696 WinRM - ok
16:14:14.0266 5696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:14.0276 5696 WinUsb - ok
16:14:14.0286 5696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:14:14.0305 5696 Wlansvc - ok
16:14:14.0326 5696 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:14.0355 5696 wlidsvc - ok
16:14:14.0358 5696 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:14:14.0366 5696 WmiAcpi - ok
16:14:14.0371 5696 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:14:14.0381 5696 wmiApSrv - ok
16:14:14.0382 5696 WMPNetworkSvc - ok
16:14:14.0385 5696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:14:14.0394 5696 WPCSvc - ok
16:14:14.0397 5696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:14:14.0408 5696 WPDBusEnum - ok
16:14:14.0410 5696 [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001 C:\Windows\system32\drivers\WPRO_41_2001.sys
16:14:14.0416 5696 WPRO_41_2001 - ok
16:14:14.0418 5696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:14:14.0439 5696 ws2ifsl - ok
16:14:14.0442 5696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:14:14.0454 5696 wscsvc - ok
16:14:14.0456 5696 WSearch - ok
16:14:14.0475 5696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:14:14.0509 5696 wuauserv - ok
16:14:14.0512 5696 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:14:14.0521 5696 WudfPf - ok
16:14:14.0525 5696 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:14.0534 5696 WUDFRd - ok
16:14:14.0537 5696 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:14:14.0547 5696 wudfsvc - ok
16:14:14.0551 5696 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
16:14:14.0562 5696 WwanSvc - ok
16:14:14.0565 5696 ================ Scan global ===============================
16:14:14.0567 5696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:14:14.0571 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:14:14.0577 5696 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:14:14.0581 5696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:14:14.0587 5696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:14:14.0590 5696 [Global] - ok
16:14:14.0590 5696 ================ Scan MBR ==================================
16:14:14.0592 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:14:14.0686 5696 \Device\Harddisk1\DR1 - ok
16:14:14.0689 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:14:14.0735 5696 \Device\Harddisk0\DR0 - ok
16:14:14.0736 5696 ================ Scan VBR ==================================
16:14:14.0738 5696 [ D4EF3BDE08F48D40FF78B682C33965D3 ] \Device\Harddisk1\DR1\Partition1
16:14:14.0740 5696 \Device\Harddisk1\DR1\Partition1 - ok
16:14:14.0742 5696 [ BC4C10495C899A65E0CD1EFCA003BC0E ] \Device\Harddisk1\DR1\Partition2
16:14:14.0743 5696 \Device\Harddisk1\DR1\Partition2 - ok
16:14:14.0746 5696 [ A4AD29AEA01A1E9032D91B95E9D394D5 ] \Device\Harddisk0\DR0\Partition1
16:14:14.0748 5696 \Device\Harddisk0\DR0\Partition1 - ok
16:14:14.0749 5696 ============================================================
16:14:14.0749 5696 Scan finished
16:14:14.0749 5696 ============================================================
16:14:14.0756 3928 Detected object count: 1
16:14:14.0756 3928 Actual detected object count: 1
16:14:38.0436 3928 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:38.0436 3928 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:50.0196 4832 Deinitialize success
__________________

09.06.2013, 15:17   #4
markusg
/// Malware-holic
 

That's fine.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

09.06.2013, 15:40   #5
x2Facex
 

Here is the Combofix report:

Combofix did not perform a restart.

Combofix Logfile:
Code:
ComboFix 13-06-08.02 - 2Face 09.06.2013  16:36:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16278.14214 [GMT 2:00]
ausgeführt von:: c:\users\2Face\Desktop\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-09 bis 2013-06-09  ))))))))))))))))))))))))))))))
.
.
2013-06-09 14:38 . 2013-06-09 14:38	--------	d-----w-	c:\users\hedev\AppData\Local\temp
2013-06-09 14:38 . 2013-06-09 14:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-07 14:19 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3831F00E-CF6D-4A27-97A8-DDDF020EA094}\mpengine.dll
2013-06-02 22:10 . 2013-06-02 22:10	--------	d-----w-	c:\programdata\Solidshield
2013-06-02 13:59 . 2013-06-02 13:59	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-02 13:59 . 2013-06-02 13:59	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-02 13:59 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-02 13:59 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-06-01 12:59 . 2013-06-01 12:59	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-01 12:59 . 2013-06-01 12:59	--------	d-----w-	c:\program files\iTunes
2013-06-01 12:59 . 2013-06-01 12:59	--------	d-----w-	c:\program files\iPod
2013-05-30 11:17 . 2013-05-30 11:17	--------	d-----w-	c:\users\2Face\AppData\Roaming\DataDesign
2013-05-30 11:17 . 2013-05-30 11:17	--------	d-----w-	c:\program files (x86)\Common Files\DataDesign
2013-05-30 10:44 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-30 10:44 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-30 10:44 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-05-23 21:14 . 2013-05-23 21:14	--------	d-----w-	c:\users\2Face\AppData\Local\Google
2013-05-23 21:13 . 2013-05-23 21:15	--------	d-----w-	c:\program files (x86)\Google
2013-05-16 22:15 . 2013-05-16 22:15	--------	d-----w-	c:\users\2Face\AppData\Local\Chromium
2013-05-16 21:58 . 2013-05-16 21:58	--------	d-----w-	c:\program files (x86)\Rockstar Games
2013-05-16 20:26 . 2013-05-16 20:26	--------	d-----w-	c:\programdata\Rockstar Games
2013-05-16 16:29 . 2013-05-16 16:30	--------	d-----w-	c:\users\2Face\AppData\Roaming\elsterformular
2013-05-16 16:29 . 2013-05-16 16:29	--------	d-----w-	c:\programdata\elsterformular
2013-05-16 08:48 . 2013-06-09 14:21	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2013-05-15 14:28 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 14:28 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 14:28 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 14:28 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 14:28 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 14:28 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 14:28 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 14:28 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 14:28 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 14:28 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-09 14:21 . 2012-08-18 22:27	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2013-06-09 12:41 . 2012-08-24 17:35	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-06-09 12:41 . 2012-08-24 16:05	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-06-09 00:16 . 2012-08-24 16:05	291088	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-05-30 11:15 . 2012-09-26 00:05	32320	----a-w-	c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-05-16 19:53 . 2012-08-20 08:21	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-16 19:53 . 2012-08-20 08:21	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 19:16 . 2012-08-20 08:04	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-09 08:59 . 2013-03-06 19:55	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-06 19:55	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-08-20 09:28	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-08-20 09:28	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-08-20 09:28	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-08-20 09:28	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-08-20 09:28	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-08-20 09:28	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-08-20 09:28	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-08-20 09:28	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-08-20 08:00	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-30 10:44	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-30 10:44	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-30 10:44	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-30 10:44	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-30 10:44	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-30 10:44	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-25 15:06	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-29 02:01 . 2013-03-29 02:01	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 02:01 . 2013-03-29 02:01	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 02:01 . 2013-03-29 02:01	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 02:01 . 2013-03-29 02:01	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 02:01 . 2013-03-29 02:01	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 02:01 . 2013-03-29 02:01	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 02:01 . 2013-03-29 02:01	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 02:01 . 2013-03-29 02:01	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 02:01 . 2013-03-29 02:01	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 02:01 . 2013-03-29 02:01	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 02:01 . 2013-03-29 02:01	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 02:01 . 2013-03-29 02:01	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 02:01 . 2013-03-29 02:01	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 02:01 . 2013-03-29 02:01	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 02:01 . 2013-03-29 02:01	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 02:01 . 2013-03-29 02:01	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 02:01 . 2013-03-29 02:01	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 02:01 . 2013-03-29 02:01	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 02:01 . 2013-03-29 02:01	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 02:01 . 2013-03-29 02:01	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 02:01 . 2013-03-29 02:01	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 02:01 . 2013-03-29 02:01	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 02:01 . 2013-03-29 02:01	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 02:01 . 2013-03-29 02:01	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 02:01 . 2013-03-29 02:01	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 02:01 . 2013-03-29 02:01	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 02:01 . 2013-03-29 02:01	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 02:01 . 2013-03-29 02:01	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 02:01 . 2013-03-29 02:01	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 02:01 . 2013-03-29 02:01	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 02:01 . 2013-03-29 02:01	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 02:01 . 2013-03-29 02:01	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 02:01 . 2013-03-29 02:01	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 02:01 . 2013-03-29 02:01	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 02:01 . 2013-03-29 02:01	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 02:01 . 2013-03-29 02:01	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 02:01 . 2013-03-29 02:01	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 02:01 . 2013-03-29 02:01	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 02:01 . 2013-03-29 02:01	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 02:01 . 2013-03-29 02:01	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 02:01 . 2013-03-29 02:01	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 02:01 . 2013-03-29 02:01	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 02:01 . 2013-03-29 02:01	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 02:01 . 2013-03-29 02:01	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 02:01 . 2013-03-29 02:01	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 02:01 . 2013-03-29 02:01	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 02:01 . 2013-03-29 02:01	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 02:01 . 2013-03-29 02:01	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 02:01 . 2013-03-29 02:01	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 02:00 . 2013-03-29 02:00	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-29 02:00 . 2013-03-29 02:00	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-03-29 02:00 . 2013-03-29 02:00	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-29 02:00 . 2013-03-29 02:00	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-29 02:00 . 2013-03-29 02:00	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-29 02:00 . 2013-03-29 02:00	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-29 02:00 . 2013-03-29 02:00	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-29 02:00 . 2013-03-29 02:00	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-29 02:00 . 2013-03-29 02:00	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-29 02:00 . 2013-03-29 02:00	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-29 02:00 . 2013-03-29 02:00	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 02:00 . 2013-03-29 02:00	296960	----a-w-	c:\windows\system32\d3d10core.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-08-18 5019360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"avast"="e:\programme unter windows\Avast Free Antivirus\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="e:\programme unter windows\ATI.ACE\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="e:\programme unter windows\Itunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\2Face\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-8-19 2056192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 19:53]
.
2013-06-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-06-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	e:\programme unter windows\Avast Free Antivirus\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:splashtopconnect
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2114312325-3313927327-4253881512-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,71,46,47,b0,c3,1c,34,38,0b,20,2c,39,67,a3,b9,f8,2c,97,19,6a,a5,2c,
   c7,de,6c,cc,d7,1a,ee,38,92,c8,8b,f3,a4,a5,23,d2,8c,9a,a4,26,a5,8b,75,31,94,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-2114312325-3313927327-4253881512-1000\Software\SecuROM\License information*]
"datasecu"=hex:95,74,f9,92,30,c5,89,27,9e,18,bb,e4,a4,2e,52,8a,3c,74,e2,60,e5,
   7b,49,cb,aa,5c,8c,ef,0e,0e,00,8a,a1,ab,27,c0,8b,5a,cd,c8,77,22,2b,e1,38,76,\
"rkeysecu"=hex:42,41,35,b4,96,7f,05,e0,7c,cf,51,84,35,fb,0e,d5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-09  16:39:20
ComboFix-quarantined-files.txt  2013-06-09 14:39
.
Vor Suchlauf: 10 Verzeichnis(se), 22.553.628.672 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 22.595.407.872 Bytes frei
.
- - End Of File - - B8D44A918092366EB0D4A7775F4778C7
         
--- --- ---
D41D8CD98F00B204E9800998ECF8427E


09.06.2013, 18:05   #6
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

10.06.2013, 10:25   #7
x2Facex

Hi Markusg,

I have attached the Malwarebytes report for you:


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.06.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
2Face :: 2FACE-PC [Administrator]

09.06.2013 20:19:46
mbam-log-2013-06-09 (20-19-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364245
Laufzeit: 18 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

10.06.2013, 10:44   #8
markusg
/// Malware-holic

Hi,

download the standard version of CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognize, write "unbekannt" (unknown).
Post the list.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

10.06.2013, 16:50   #9
x2Facex

Hello, attached is the requested list


Crysis(R) Electronic Arts 03.10.2012 6,40GB 1.00.0000 Notwendig
Darksiders II Vigil Games 22.12.2012 Notwendig
DDBAC DataDesign 30.05.2013 8,84MB 5.3.0 Unbekannt
Diablo III Blizzard Entertainment 09.06.2013 1.0.8.16603 Notwendig
ESN Sonar ESN Social Software AB 14.05.2013 0.70.4 Unbekannt
Far Cry 3 Ubisoft 27.02.2013 1.05 Notwendig
Geeks3D.com FurMark 1.10.6 Geeks3D.com 13.04.2013 7,04MB Unbekannt
I Am Alive Ubisoft 03.06.2013 2,01GB 1.01.0 Notwendig
Intel(R) Control Center Intel Corporation 19.08.2012 1.2.1.1007
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 19.08.2012 54,8MB 1.0.0.35342 Unbekannt
Intel(R) Management Engine Components Intel Corporation 19.08.2012 8.0.2.1410 Unbekannt
Intel(R) Processor Graphics Intel Corporation 27.02.2013 9.17.10.2932 Unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 19.08.2012 11.0.0.1032 Unbekannt
Intel(R) Smart Connect Technology 2.0 x64 Intel 19.08.2012 6,03MB 2.0.1083.0 Unbekannt
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 26.01.2012 1.0.3.214 Unbekannt
Intel® Trusted Connect Service Client Intel Corporation 19.08.2012 10,6MB 1.23.605.1 Unbekannt
iTunes Apple Inc. 01.06.2013 187MB 11.0.3.42 Unbekannt
League of Legends Riot Games 03.04.2013 1.3 Notwendig
Mafia II 2K Czech 20.08.2012 Notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 19,2MB 1.75.0.1300 Notwendig
Max Payne 3 Rockstar Games 16.05.2013 1.0.0.0 Notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.10.2012 38,8MB 4.0.30319 Notwendig
Microsoft Games for Windows - LIVE Microsoft Corporation 04.04.2013 8,31MB 3.1.186.0 Notwendig
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.12.2012 31,3MB 3.5.92.0 Notwendig
Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 Unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.12.2012 300KB 8.0.59193 Unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 03.10.2012 708KB 8.0.61000 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.08.2012 252KB 9.0.30729 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 19.08.2012 788KB 9.0.30729.4148 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.12.2012 786KB 9.0.30729.6161 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2012 240KB 9.0.30729 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.08.2012 596KB 9.0.30729.4148 Unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.12.2012 598KB 9.0.30729.6161 Unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2013 13,7MB 10.0.30319 Unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.12.2012 12,2MB 10.0.40219 Unbekannt
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 44,5MB 21.0 Notwendig
NVIDIA PhysX NVIDIA Corporation 21.08.2012 78,9MB 9.10.0513 Unbekannt
Origin Electronic Arts, Inc. 24.08.2012 9.0.2.2065 Notwendig
Pando Media Booster Pando Networks Inc. 20.08.2012 5,46MB 2.6.0.8 Unbekannt
PlanetSide 2 Sony Online Entertainment 30.11.2012 Nicht notwendig
PunkBuster Services Even Balance, Inc. 27.02.2013 0.993 Notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.08.2012 6.0.1.6559 Notwendig
Rockstar Games Social Club Rockstar Games 16.05.2013 1.1.0.1 Notwendig
Samsung SSD Magician Samsung Electronics 19.08.2012 35,4MB 3.1 Notwendig
SpeedFan (remove only) 17.04.2013 Notwendig
Splashtop Connect IE Splashtop Inc. 20.08.2012 1.1.12.1 Unbekannt
Star Wars: The Old Republic Electronic Arts, Inc. 19.01.2013 27,2MB 1.00 Notwendig
Steam Valve Corporation 20.08.2012 42,2MB 1.0.0.0 Notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 21.08.2012 3.0.6 Notwendig
The Elder Scrolls V: Skyrim Bethesda Game Studios 24.10.2012 Notwendig
THX TruStudio Creative Technology Limited 19.08.2012 1.00.01 Notwendig
Uplay Ubisoft 09.06.2013 3.0 Notwendig
Warhammer 40,000: Dawn of War - Game of the Year Edition Relic 29.12.2012 Nicht notwendig
Warhammer 40,000: Dawn of War – Dark Crusade Relic 29.12.2012 Nicht notwendig
Warhammer 40,000: Dawn of War – Winter Assault Relic 29.12.2012 Nicht notwendig
Warhammer® 40,000™: Dawn of War® II Relic 22.12.2012 Nicht notwendig
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ Relic 23.12.2012 Nicht notwendig
Warhammer® 40,000™: Dawn of War® II – Retribution™ Relic 22.12.2012 Nicht notwendig
Windows Live ID Sign-in Assistant Microsoft Corporation 23.12.2012 10,0MB 6.500.3165.0 Nicht notwendig
XFast LAN v6.61 cFos Software GmbH, Bonn 19.08.2012 6.61 Notwendig
XFastUSB ASRock Inc. 19.08.2012 3.02.28 Notwendig

10.06.2013, 19:12   #10
markusg
/// Malware-holic

Your list is not complete, I think.
It only starts at C.

10.06.2013, 19:46   #11
x2Facex

Acrobat.com Adobe Systems Incorporated 19.08.2012 1.1.377 Notwendig
Adobe AIR Adobe Systems Incorporated 17.05.2013 3.7.0.1860 Notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 Notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.05.2013 6,00MB 11.7.700.202 Notwendig
Adobe Reader 9 Adobe Systems Incorporated 19.08.2012 202MB 9.0.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 26.01.2013 26,3MB 8.0.903.0 Notwendig
Apple Application Support Apple Inc. 01.06.2013 64,7MB 2.3.4 Notwendig?
Apple Mobile Device Support Apple Inc. 17.04.2013 25,2MB 6.1.0.13 Notwendig?
Apple Software Update Apple Inc. 17.04.2013 2,38MB 2.1.3.127 Notwendig?
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 19.08.2012 2,22MB 1.10.1.0
Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 19.08.2012 96,0KB 1.3.1.000 Notwendig?
ASRock App Charger v1.0.5 ASRock Inc. 19.08.2012 1,32MB Notwendig
ASRock eXtreme Tuner v0.1.181 19.08.2012 21,8MB Notwendig
ASRock InstantBoot v1.29 19.08.2012 Unbekannt
ASRock SmartConnect v1.0.6 ASRock Inc. 19.08.2012 3,00MB Unbekannt
ASRock XFast RAM v2.0.9 ASRock Inc. 19.08.2012 10,6MB Notwendig
avast! Free Antivirus AVAST Software 23.05.2013 8.0.1489.0 Notwendig
Battlefield 1942™ Electronic Arts 21.11.2012 1,21GB 1.6.20.0 Notwendig
Battlefield 3™ Electronic Arts 04.09.2012 1.4.0.0 Notwendig
Battlelog Web Plugins EA Digital Illusions CE AB 25.05.2013 2.1.4
BioShock Infinite Irrational Games 10.04.2013 Notwendig
Bonjour Apple Inc. 17.04.2013 2,00MB 3.0.0.10 Unbekannt
Broadcom NetLink Controller Broadcom Corporation 11.11.2012 508KB 14.8.5.1 Unbekannt
CCleaner Piriform 24.05.2013 4.02 Notwendig
Crysis(R) Electronic Arts 03.10.2012 6,40GB 1.00.0000 Notwendig
Darksiders II Vigil Games 22.12.2012 Necessary
DDBAC DataDesign 30.05.2013 8,84MB 5.3.0 Unknown
Diablo III Blizzard Entertainment 09.06.2013 1.0.8.16603 Necessary
ESN Sonar ESN Social Software AB 14.05.2013 0.70.4 Unknown
Far Cry 3 Ubisoft 27.02.2013 1.05 Necessary
Geeks3D.com FurMark 1.10.6 Geeks3D.com 13.04.2013 7,04MB Unknown
I Am Alive Ubisoft 03.06.2013 2,01GB 1.01.0 Necessary
Intel(R) Control Center Intel Corporation 19.08.2012 1.2.1.1007
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 19.08.2012 54,8MB 1.0.0.35342 Unknown
Intel(R) Management Engine Components Intel Corporation 19.08.2012 8.0.2.1410 Unknown
Intel(R) Processor Graphics Intel Corporation 27.02.2013 9.17.10.2932 Unknown
Intel(R) Rapid Storage Technology Intel Corporation 19.08.2012 11.0.0.1032 Unknown
Intel(R) Smart Connect Technology 2.0 x64 Intel 19.08.2012 6,03MB 2.0.1083.0 Unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 26.01.2012 1.0.3.214 Unknown
Intel® Trusted Connect Service Client Intel Corporation 19.08.2012 10,6MB 1.23.605.1 Unknown
iTunes Apple Inc. 01.06.2013 187MB 11.0.3.42 Unknown
League of Legends Riot Games 03.04.2013 1.3 Necessary
Mafia II 2K Czech 20.08.2012 Necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 09.06.2013 19,2MB 1.75.0.1300 Necessary
Max Payne 3 Rockstar Games 16.05.2013 1.0.0.0 Necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 31.10.2012 38,8MB 4.0.30319 Necessary
Microsoft Games for Windows - LIVE Microsoft Corporation 04.04.2013 8,31MB 3.1.186.0 Necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.12.2012 31,3MB 3.5.92.0 Necessary
Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 Unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.12.2012 300KB 8.0.59193 Unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 03.10.2012 708KB 8.0.61000 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.08.2012 252KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 19.08.2012 788KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 24.12.2012 786KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2012 240KB 9.0.30729 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.08.2012 596KB 9.0.30729.4148 Unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.12.2012 598KB 9.0.30729.6161 Unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 27.02.2013 13,7MB 10.0.30319 Unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.12.2012 12,2MB 10.0.40219 Unknown
Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 44,5MB 21.0 Necessary
NVIDIA PhysX NVIDIA Corporation 21.08.2012 78,9MB 9.10.0513 Unknown
Origin Electronic Arts, Inc. 24.08.2012 9.0.2.2065 Necessary
Pando Media Booster Pando Networks Inc. 20.08.2012 5,46MB 2.6.0.8 Unknown
PlanetSide 2 Sony Online Entertainment 30.11.2012 Not necessary
PunkBuster Services Even Balance, Inc. 27.02.2013 0.993 Necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.08.2012 6.0.1.6559 Necessary
Rockstar Games Social Club Rockstar Games 16.05.2013 1.1.0.1 Necessary
Samsung SSD Magician Samsung Electronics 19.08.2012 35,4MB 3.1 Necessary
SpeedFan (remove only) 17.04.2013 Necessary
Splashtop Connect IE Splashtop Inc. 20.08.2012 1.1.12.1 Unknown
Star Wars: The Old Republic Electronic Arts, Inc. 19.01.2013 27,2MB 1.00 Necessary
Steam Valve Corporation 20.08.2012 42,2MB 1.0.0.0 Necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 21.08.2012 3.0.6 Necessary
The Elder Scrolls V: Skyrim Bethesda Game Studios 24.10.2012 Necessary
THX TruStudio Creative Technology Limited 19.08.2012 1.00.01 Necessary
Uplay Ubisoft 09.06.2013 3.0 Necessary
Warhammer 40,000: Dawn of War - Game of the Year Edition Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Dark Crusade Relic 29.12.2012 Not necessary
Warhammer 40,000: Dawn of War – Winter Assault Relic 29.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II Relic 22.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ Relic 23.12.2012 Not necessary
Warhammer® 40,000™: Dawn of War® II – Retribution™ Relic 22.12.2012 Not necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 23.12.2012 10,0MB 6.500.3165.0 Not necessary
XFast LAN v6.61 cFos Software GmbH, Bonn 19.08.2012 6.61 Necessary
XFastUSB ASRock Inc. 19.08.2012 3.02.28 Necessary


But now

10.06.2013, 21:42   #12
markusg
/// Malware-holic



Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enhanced Security"
and select all files.
Internet:
Everything should be disabled here; it is very insecure to open, download, etc. PDFs automatically.
It is always better to save them directly, because only that way do you have control over what happens on the PC.
Under JavaScript, untick the "Use JavaScript" box.
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
ESN
Geeks3D

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us

12.06.2013, 10:53   #13
x2Facex



Hello Markusg,

attached is the requested report. I followed all the steps as you said.

One question remains, though: if I watch videos on the internet now, will that still work with Adobe Flash Player, or have I now suppressed it completely?

The game League of Legends requires an Adobe AIR program. So I should probably reinstall that, right?


Could you perhaps explain to me what kind of programs
ESN
Geeks3D

are? According to the homepage, ESN is a VoIP provider? But I don't know what Geeks3D is.

AdwCleaner logfile:
Code:
# AdwCleaner v2.303 - Datei am 12/06/2013 um 11:47:45 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : 2Face - 2FACE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\2Face\Desktop\System\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\WNLT

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\2Face\AppData\Roaming\Mozilla\Firefox\Profiles\0srcexbt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\2Face\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7898 octets] - [09/06/2013 15:33:52]
AdwCleaner[S2].txt - [1009 octets] - [12/06/2013 11:47:45]

########## EOF - C:\AdwCleaner[S2].txt - [1069 octets] ##########
         
--- --- ---
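A small parser for the AdwCleaner v2.303 report format posted above, added here as an example (it is not part of the thread and not AdwCleaner's own code). It handles only the line shapes visible in the posted reports; `SAMPLE_LOG`, `parse_report` and `removed_total` are names made up for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: abridged copy of the second report posted above.
SAMPLE_LOG = r"""# AdwCleaner v2.303 - Datei am 12/06/2013 um 11:47:45 erstellt
# Option [Löschen]
**** [Dienste] ****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\WNLT
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (de)
Datei : C:\Users\2Face\AppData\Roaming\Mozilla\Firefox\Profiles\0srcexbt.default\prefs.js
[OK] Die Datei ist sauber.
"""

VERSION = re.compile(r"^# AdwCleaner v(\S+)")
SECTION = re.compile(r"^\*{3,}\s*\[(.+?)\]\s*\*{3,}$")   # 4 or 5 asterisks both occur
REMOVED = re.compile(r"^(\S+)\s+Gelöscht\s+:\s+(.+)$")    # "<kind> Gelöscht : <target>"
BROWSER = re.compile(r"^-\\\\\s+(.+)$")                   # "-\\ <browser name and version>"

def parse_report(text):
    """Return tool version, removed items per section, and browsers reported clean."""
    report = {"version": None, "removed": defaultdict(list), "clean": []}
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERSION.match(line):
            report["version"] = m.group(1)
        elif m := SECTION.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER.match(line):
            browser = m.group(1)
        elif m := REMOVED.match(line):
            # A bare "Datei : <path>" line names the file checked; it is not a removal.
            report["removed"][section].append((m.group(1), m.group(2)))
        elif line.startswith("[OK]") and browser:
            report["clean"].append(browser)
    return report

def removed_total(report):
    """Number of items the run deleted; a falling count across runs means fewer leftovers."""
    return sum(len(items) for items in report["removed"].values())
```

Running it over each successive report gives a per-section count to compare between runs.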

12.06.2013, 14:14   #14
markusg
/// Malware-holic



If you have reinstalled Flash, that's fine; if Adobe AIR is needed, go ahead and install it :-)
Adobe - Adobe AIR
Geeks3D

should have something to do with graphics editing
ESN seems to have something to do with VoIP
HitmanPro - Download - Filepony
Please download HitmanPro, double-click it, click Scan.
Do not delete anything, click Next, save the log and post it, or zip it and attach it.

12.06.2013, 15:15   #15
x2Facex



How do I pack files together?

Unfortunately I don't have a suitable program for that on the computer. Can I still post it as it is?
