
Log analysis and evaluation: Virus? Trojan? Recurring window asking to install wssetup.exe from Perion Ltd!

10.06.2013, 15:56   #1
solonia
 



Hello dear forum operators,

for about 5 days a User Account Control window has been popping up, asking whether I want to allow the following program to make changes:
Program name: wwsetup.exe
Verified publisher: Perion Network Ltd
File origin: Hard drive on this computer
(Windows 7 as the user interface!)

I was confused and accidentally clicked Yes! After that the window kept reappearing while I was working online and with programs, and after starting the laptop, and I clicked No!

Somehow I then panicked, researched online and came across your forum! Then I had my hard drive searched for the file and had it shredded with the McAfee security program.

It still appears when the laptop boots! What do I do??
My laptop hotline (my laptop is only 9 months old) wants a lot of money for professional advice and/or recommends reconfiguring the hard drive with the backup CDs! But I have never done that before! Before I make use of that, I would like to know whether I can't solve the problem myself, together with you.

I am not a PC professional, even though I can do some things myself. I don't know how to take a SCREENSHOT or create a log file! Just as a note .. maybe that makes it easier for you to help me.
I would also like to know how this program was able to sneak in despite McAfee? Can I prevent something like this in the future?
Ah, I have just researched more about log files on your homepage, have just now installed Malwarebytes Anti-Malware and am running the full PC scan! Then I can add a log file here too!


Thank you very much for your help and time already!!!
Kind regards

solonia

Logfile:

Should I delete or remove the file that was found?

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
smenz :: NOTEBOOK-N5050 [Administrator]

Schutz: Aktiviert

10.06.2013 14:11:37
MBAM-log-2013-06-10 (15-51-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351808
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

10.06.2013, 15:57   #2
markusg
/// Malware-holic
 



Hi
delete the finding.

If you don't already have it, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

10.06.2013, 16:40   #3
solonia
 



Hello markusg,

super fast!

So, I have
1. deleted the finding in Malware and restarted the PC,
2. I ran the Quick Scan and did not press Scan, and I hope that was right.

Here are the log files:

1. OTL.txt: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.06.2013 16:24:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\smenz\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 62,24% Memory free
7,82 Gb Paging File | 5,90 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 396,52 Gb Free Space | 88,88% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-N5050 | User Name: smenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 16:19:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\smenz\Desktop\Downloads\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.31 21:21:01 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\smenz\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.21 15:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.07.27 13:51:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 17:31:12 | 000,577,536 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2012.02.01 18:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012.01.27 23:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2012.01.27 04:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
PRC - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011.06.28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011.05.20 11:16:10 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.02.01 20:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 20:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 01:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.13 01:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.10 16:13:24 | 000,013,600 | ---- | M] () -- C:\Users\smenz\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013.05.16 20:28:06 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll
MOD - [2013.05.16 20:27:03 | 001,084,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll
MOD - [2013.05.16 20:27:01 | 017,478,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll
MOD - [2013.05.16 20:26:34 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.16 14:50:12 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.16 14:49:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 14:49:42 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.16 14:49:31 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 14:49:24 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.17 13:30:32 | 001,358,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll
MOD - [2013.02.17 10:45:12 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.15 17:05:09 | 001,707,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013.01.15 17:03:02 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.15 17:03:02 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.11 18:34:23 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.01.11 18:34:18 | 000,256,000 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013.01.11 18:28:37 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 18:28:17 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 18:27:27 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 18:27:03 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 18:26:57 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 18:26:44 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.21 15:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012.07.04 19:30:28 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2012.07.04 19:30:07 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.07.04 19:30:03 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2012.07.04 19:29:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.02.01 18:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012.02.01 18:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012.02.01 18:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.12.25 22:42:15 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011.06.28 02:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011.06.28 02:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011.06.25 06:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
MOD - [2011.06.25 06:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 05:24:25 | 000,385,024 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.21 05:23:56 | 000,114,688 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.22 22:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010.03.17 03:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010.03.17 03:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010.03.17 03:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010.03.12 02:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010.03.12 02:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010.03.05 22:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010.03.05 22:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013.05.15 11:58:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.11.16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2012.07.27 13:51:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.05.27 21:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.05.20 11:16:10 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.05.20 11:15:20 | 000,080,032 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.09 00:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011.02.01 20:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 20:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 01:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.16 15:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.27 21:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.05.20 11:15:34 | 000,282,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.05.20 11:15:34 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.05.20 11:15:34 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.05.20 11:15:34 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.05.20 11:15:34 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.05.20 11:15:34 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.05.20 11:15:32 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.05.20 11:15:32 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011.04.01 05:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.26 04:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.24 14:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.01.13 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={77BF8531-4462-11E2-A5A0-844BF557795C}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2732600908-1742709287-786376233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Cafe Astrology: Astrology Signs, Horoscopes, Love
IE - HKU\S-1-5-21-2732600908-1742709287-786376233-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2732600908-1742709287-786376233-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2732600908-1742709287-786376233-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={77BF8531-4462-11E2-A5A0-844BF557795C}
IE - HKU\S-1-5-21-2732600908-1742709287-786376233-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.08 21:00:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.05.03 15:14:33 | 000,000,000 | ---D | M]
 
[2012.12.12 15:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\smenz\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.29 16:47:10 | 000,197,580 | ---- | M] () (No name found) -- C:\Users\smenz\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader@ftdownloader.com.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={77BF8531-4462-11E2-A5A0-844BF557795C}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={77BF8531-4462-11E2-A5A0-844BF557795C}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FTdownloader = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli\1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Yontoo = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google-Suche = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FTdownloader = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli\1.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Yontoo = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\smenz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20121019190708.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121019190708.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2732600908-1742709287-786376233-1000..\Run: [Yontoo Desktop] C:\Users\smenz\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF8049F2-D056-4D77-BBD9-9A4E94121408}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.10 16:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.06.10 16:13:22 | 000,000,000 | R--D | C] -- C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.06.10 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Roaming\Malwarebytes
[2013.06.10 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.10 14:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.10 14:09:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.06.10 14:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.10 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\Programs
[2013.06.10 12:03:10 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C7D57F9F-AC30-486B-91DC-2DA4BE273A0B}
[2013.06.10 11:33:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2013.06.10 11:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013.06.10 11:32:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.09 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{611D7DAD-53D3-4DE9-9C4B-830757327AF8}
[2013.06.09 12:49:25 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{1B15C7C8-CFE7-4EFC-8144-2BC4EC941DD7}
[2013.06.08 19:56:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{709CD044-0FC4-4C81-A9F2-3C83376F46E3}
[2013.06.08 01:51:20 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{271A1423-9442-4B4A-BC7D-C26645279328}
[2013.06.07 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{12EBC70D-40B4-4919-89C3-00C832D819DA}
[2013.06.06 23:54:36 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2143C710-40B1-4A7B-9A1A-AE3EF5867B89}
[2013.06.06 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{16512E56-DEE7-47F3-A78F-4C82F34E60D6}
[2013.06.05 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D06639DF-6B4F-40B9-92E9-906E89F57CCD}
[2013.06.04 09:24:08 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{AF7F07C9-948F-47D2-B871-60A66004B1F2}
[2013.06.03 13:16:50 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2D9393DF-0BDD-4F07-BF6E-17F0F03930FC}
[2013.06.02 15:27:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\jmdp
[2013.06.02 15:27:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ARFC
[2013.06.02 15:27:54 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\windows\SysNative\ImHttpComm.dll
[2013.06.02 15:27:54 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\WNLT
[2013.06.01 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{E137133E-34DF-4263-9583-007908580F25}
[2013.06.01 12:10:15 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{AFCB9DCD-C1C1-42E1-A587-B06BE38A724D}
[2013.05.31 13:26:45 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C67DDA40-A996-494E-8392-004EC3B2E17D}
[2013.05.30 23:57:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{5449B776-B7DC-40FD-AA53-97DF75C23FBF}
[2013.05.30 11:31:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{25A24C8A-70D5-4BA8-A333-27E5B83E9168}
[2013.05.29 23:30:46 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D5015153-D854-4D5D-8AFA-7E9154EA66EA}
[2013.05.29 20:32:50 | 000,000,000 | R--D | C] -- C:\Users\smenz\Desktop\MySyncUPFiles
[2013.05.29 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{610835F2-803D-41BA-81BD-075ECF08F419}
[2013.05.28 13:44:05 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{D63B0617-DF12-4B1A-AB35-82251D271D6F}
[2013.05.28 00:10:20 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{DD52A04A-E5A2-4F5D-A66F-18387C35E9E8}
[2013.05.27 09:46:10 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{585CE5CE-82C4-493B-86AD-669A482D10D1}
[2013.05.26 12:32:31 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{E3505BF6-507B-4808-AE5F-AB9020FCFFA7}
[2013.05.25 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{F25B712E-F747-4541-B65F-D8C4C3CAE0EB}
[2013.05.24 15:23:29 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{19EB7E9E-7772-449E-A8C7-E7C8912AE47A}
[2013.05.24 00:45:23 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{989082A7-B267-4C56-8C7D-835E571478AD}
[2013.05.23 14:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013.05.23 14:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013.05.23 10:07:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{2AA45AA8-434B-4504-B6BE-FDCB871134BC}
[2013.05.22 21:59:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C2F6918A-DE67-47AA-8CB1-E940689B0A5F}
[2013.05.22 09:39:48 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{9F70A087-61A5-4B1A-82F5-509053AF7F3E}
[2013.05.21 11:54:25 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{20682498-3E62-489E-983F-07C6DE9A7300}
[2013.05.20 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{C4FFF70D-E69C-4228-9A02-BDD4A954F979}
[2013.05.19 16:02:34 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{3A0B1281-EC1A-4D92-BA3B-39079EF575E9}
[2013.05.17 15:03:42 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{40363E5E-84DE-450A-98AC-ABDCABDFC788}
[2013.05.16 14:47:45 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{A36EBE10-EF2C-4790-BAA7-759F0755E082}
[2013.05.15 09:11:41 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{A6A659E8-08F9-4E49-9BC6-DF3B362CB74C}
[2013.05.14 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{51649E44-F733-4727-AE78-47D0EEEFEF8C}
[2013.05.13 10:26:30 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{163E1F8A-F4A9-474E-9A4E-3B9D930448DC}
[2013.05.12 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\smenz\AppData\Local\{8A130DC7-D2D0-41F3-93CF-7891980566E5}
[2012.10.30 00:15:44 | 001,222,144 | ---- | C] (Amazon.com, Inc.) -- C:\Users\smenz\npAmazonMP3DownloaderPlugin101753.dll
[2012.10.30 00:07:00 | 004,814,848 | ---- | C] (Amazon.com) -- C:\Users\smenz\AmazonMP3Downloader.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 16:20:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 16:20:01 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 16:12:55 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 16:12:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.10 16:12:15 | 3149,086,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 16:02:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.10 15:58:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 14:10:00 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.10 13:36:22 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.10 13:36:22 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.10 13:36:22 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.10 13:36:22 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.10 13:36:22 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.10 11:33:37 | 000,246,804 | ---- | M] () -- C:\windows\SysNative\drivers\AtherosBt.bin
[2013.06.06 09:02:33 | 000,001,342 | ---- | M] () -- C:\Users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\windows\SysNative\dmwu.exe
[2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\windows\SysNative\ImHttpComm.dll
[2013.05.16 14:45:10 | 000,461,776 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.10 14:10:00 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.02 15:27:54 | 001,447,728 | ---- | C] () -- C:\windows\SysNative\dmwu.exe
[2012.11.26 19:17:34 | 000,077,225 | ---- | C] () -- C:\Users\smenz\Uninstall.exe
[2012.10.29 23:58:40 | 000,010,578 | ---- | C] () -- C:\Users\smenz\cacert.pem
[2012.10.29 23:54:34 | 000,010,982 | ---- | C] () -- C:\Users\smenz\Readme.html
[2012.10.21 19:02:48 | 000,001,752 | ---- | C] () -- C:\Users\smenz\Browserwahl.lnk
[2012.10.19 15:38:50 | 000,103,272 | ---- | C] () -- C:\Users\smenz\GoToAssistDownloadHelper.exe
[2012.07.04 19:06:41 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.07.04 19:06:41 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.07.04 19:06:41 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.07.04 16:50:12 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012.06.08 12:59:19 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012.06.08 12:59:17 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012.06.08 12:59:17 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012.06.08 12:59:17 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012.06.08 12:59:17 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012.06.08 12:59:17 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012.06.08 12:59:17 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012.06.08 12:59:17 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012.06.08 10:48:16 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.19 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Fingertapps
[2013.05.08 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\GlarySoft
[2013.05.08 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Nokia
[2013.05.08 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Nokia Suite
[2012.10.21 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\PC Suite
[2012.11.05 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\PCDr
[2013.05.08 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Similarity
[2013.01.23 14:30:41 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Windows Live Writer
[2013.06.10 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\Yontoo
[2012.10.21 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\smenz\AppData\Roaming\ZinioReader4
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


2. Extra.text: OTL Logfile:
Code:
OTL Extras logfile created on: 10.06.2013 16:24:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\smenz\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 62,24% Memory free
7,82 Gb Paging File | 5,90 Gb Available in Paging File | 75,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 396,52 Gb Free Space | 88,88% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK-N5050 | User Name: smenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0068B183-036C-445C-AF38-67791C843CB8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1A45F29C-A023-46F5-833E-F7F9F8518CCE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1FE94176-DD75-4551-AAAE-C7B9C08E7518}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BA42CC4-A9BD-4FCA-9A28-75142D9DE33A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37CC9C39-8AC8-4C35-B862-B38EC0F38701}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4C2D7A28-B2A0-4049-80BA-327A0A0ED2D0}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
"{5B5AC33E-2639-40EE-8BDB-B8EA465351E9}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
"{5EF88D3A-86F6-42C1-9513-C9E729D8B248}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{62C83ECE-C666-4624-8EB5-D461AA234906}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{645EF0BC-0936-4918-82BD-5473613694B6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6796B9B7-616F-4E2B-AC88-321C40BFB1B8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E9ECEAB-04DE-4CF5-B248-05FAFCE51250}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7988F7CC-E852-4292-8849-D365308F6B1C}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
"{7B2ABBF3-2B8F-4AF2-8898-3E766869BA82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A425D726-55DF-4341-AFB8-06814E1105C9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD311DE2-CBA3-4C7A-9D9E-509F22439A5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AD828451-810E-4B6F-8F27-4FB04D36DD7E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BE422E72-3D81-4A25-A15C-CB83F4ED5557}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BEAA9B77-3E66-4407-89AB-7674F434E957}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C29A02C2-7779-45A9-B040-3E4FC9A38F55}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C7719405-648E-45AF-918D-469B5010F3FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D07C923C-3665-4772-98BC-A1CA41134406}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D0E2A237-D1DE-43BF-9BC9-1C5378381881}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DB25ED65-A82D-46C3-9AC1-6F3D5C377960}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5526404-C750-4B90-8C5F-7C117D1C07AA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EBDBE26B-267D-4F46-B520-E7B3907D7DE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EEA7D873-B183-446E-8596-553A8EB7FDF4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F0E11838-1508-4000-80B5-199E2DC98A3A}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EEAA3F-F769-4527-8F11-E1EC65B643A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B524D5B-7013-4C8C-A6ED-E3E18FA517A6}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0B9BAA5F-746D-459D-A715-9ED1C0A1695D}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{14A535B2-70AB-4D8E-836E-02EA1AD91E59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{157AB060-5786-4508-9F75-FDCC91354422}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{16B51A39-9D98-4664-8B46-95AA5B495776}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{188CD4D0-020C-460D-B710-EC3652955DA9}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 
"{1BD6DFA1-EC04-4CDF-B311-55D7926CCC54}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{1CA14873-5CFD-4BB6-BD4B-F765244095B1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{1D96B4DB-DFC3-41C1-8023-477B08D4A62F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1ECD6CBB-2AA5-43C9-8ECE-FE1958AA6405}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{1EF74F79-CFD1-48EC-AF63-B80807A12925}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{231F1258-BA1E-4ABE-A63D-0BCBCD8640DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{25504C76-7FEF-4F00-A8CA-3610E21D9E63}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{29BDDEF2-1D6A-4799-A472-D1E6C90EFB5C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{2F64EA03-7D12-41D9-87CD-CA12744B7AEF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{329D8120-5C39-4B39-9E93-4D91A00BD513}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{33E9EFBD-D6C7-4054-8021-B4F3397F9654}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{346ECFFE-147D-4A66-851E-01CBC804427B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3EA77141-2235-4818-BE1A-474608679C92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4512D263-D98C-4D07-AD5E-3234433483F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{515F4D34-1EED-4930-9462-7C09B2576E7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{545D3947-7969-4287-9D2B-86BCAED913F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56B60133-3047-4B69-881D-6E28125F2CAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E3DBF76-6584-420D-ADB1-4472641B97E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6612785E-9B35-4254-BA87-0477745DEED8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67364BA1-BC9C-4E96-B3C9-8D56AAF9EE21}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6CF4BF08-0344-48F9-AD1F-EBB94AD61AF6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{71479164-AD79-4502-9507-57DACF726FC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7177D2DF-3BE7-47B3-A64B-6EC4AF5753F8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{7F8FB72E-3D7B-4D3F-BE47-7686AE124DE9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{8F70AF71-1F29-4D5D-ACF8-CBCB68750B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8FDC61EC-A995-4E4D-BD0B-B1CADF264AFC}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | 
"{9237CB5A-E25D-4144-93CB-DDA0F8ACEC89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{93251BFF-D2AC-48EA-9D83-1FD963786499}" = protocol=6 | dir=out | app=system | 
"{988968B5-495C-41C9-8E97-987BC9C8DDD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99DA974B-A2FB-4DFF-973E-B83934FACCAB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A3B9D52C-3D25-4E17-8B5A-0C11F0C3DEC9}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A4A408A3-6B30-4B69-899E-D6E464694A97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A932D2BA-AF9C-4A98-A5D5-1BBB718AB3F3}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{B5FE6105-B8A5-4E66-A509-01E2404E70C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B824F7DE-4B5D-4FC3-B8D4-DD148C1F3720}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBCBB7DA-D695-4AEB-BA0D-08C0EAE95A45}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{C0555001-2F3D-463E-A307-BD90BB05F37A}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{C346BD50-463C-41CE-9DEF-B79CFEB4CC3E}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | 
"{C37F9E3A-2429-44D2-9D09-2E72C0FE5B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C6634E21-F5C7-4D8F-808B-4365C04600CF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C7BAEC82-EAE2-4DCC-A814-F49CBA280B62}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{C97B19FF-4056-4A65-B505-9E1353EDE7CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CBB62232-FCF6-4340-91E0-B198509163BD}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | 
"{D0CC3606-01C0-4F2D-BB45-FFBFE3835995}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | 
"{D6A4BB25-A42C-4B31-B837-86177C62383B}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{D7F45D40-77DA-4542-BA8A-F0E9A93D9E66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E9778D99-0049-4A01-B227-74067F8AD6EC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{EC2A9A24-8BA2-458B-B80B-DBE30068B928}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{F199B868-150F-4562-8395-FE3A2DAE364D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{F45F8380-B06B-4C4A-BE26-5EF14E7376E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{68F250EA-9638-4DCF-96C4-D68CC340EC48}" = Google Chrome Extension Updater 1.12.02
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AF7A3DF-581E-4AB7-ACAF-2051FF7E8ACF}" = Similarity 1.8.1
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1ClickDownload" = FTDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WNLT" = IB Updater Service
"WT089409" = Bejeweled 2 Deluxe
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2732600908-1742709287-786376233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2013 13:27:34 | Computer Name = notebook-n5050 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Kindle.exe, Version: 1.10.5.40382,
 Zeitstempel: 0x50bd934d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6e6f6974  ID des fehlerhaften
 Prozesses: 0xe1c  Startzeit der fehlerhaften Anwendung: 0x01ce3f7e998c0430  Pfad der
 fehlerhaften Anwendung: C:\Users\smenz\AppData\Local\Amazon\Kindle\application\Kindle.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: eae894c5-ab71-11e2-8111-844bf557795c
 
Error - 23.04.2013 03:58:53 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2013 17:46:58 | Computer Name = notebook-n5050 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859,
 Zeitstempel: 0x4fd2dfec  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000179aac
ID
 des fehlerhaften Prozesses: 0xb00  Startzeit der fehlerhaften Anwendung: 0x01ce3ff84e970d67
Pfad
 der fehlerhaften Anwendung: C:\windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\windows\system32\SHELL32.dll  Berichtskennung: 52430078-ac5f-11e2-84db-844bf557795c
 
Error - 24.04.2013 06:39:03 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2013 11:23:21 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 04:03:06 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 04:17:41 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 08:28:12 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2013 10:06:22 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2013 04:45:52 | Computer Name = notebook-n5050 | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.05.2013 13:46:21 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.05.2013 13:46:21 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.05.2013 13:46:22 | Computer Name = notebook-n5050 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 14.05.2013 11:53:32 | Computer Name = notebook-n5050 | Source = DCOM | ID = 10010
Description = 
 
Error - 15.05.2013 04:03:27 | Computer Name = notebook-n5050 | Source = DCOM | ID = 10010
Description = 
 
Error - 15.05.2013 12:26:51 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde nicht
 richtig gestartet.
 
Error - 19.05.2013 15:36:56 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7034
Description = Dienst "McAfee Scanner" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.05.2013 10:27:47 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Atheros Bt&Wlan Coex Agent erreicht.
 
Error - 05.06.2013 11:13:21 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 10.06.2013 07:35:08 | Computer Name = notebook-n5050 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
 
< End of report >
         
--- --- ---


Should I also save these reports somewhere else?

I suppose we continue from here now, right?

Thanks,
Solonia

10.06.2013, 18:57   #4
markusg
/// Malware-holic



Hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

10.06.2013, 19:19   #5
solonia



Hello markusg,

here are the results! Two threats were found:

Log file 1:

19:07:51.0960 6788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:53.0575 6788 ============================================================
19:07:53.0575 6788 Current date / time: 2013/06/10 19:07:53.0575
19:07:53.0575 6788 SystemInfo:
19:07:53.0575 6788
19:07:53.0575 6788 OS Version: 6.1.7601 ServicePack: 1.0
19:07:53.0575 6788 Product type: Workstation
19:07:53.0575 6788 ComputerName: NOTEBOOK-N5050
19:07:53.0575 6788 UserName: smenz
19:07:53.0575 6788 Windows directory: C:\windows
19:07:53.0575 6788 System windows directory: C:\windows
19:07:53.0575 6788 Running under WOW64
19:07:53.0575 6788 Processor architecture: Intel x64
19:07:53.0575 6788 Number of processors: 2
19:07:53.0575 6788 Page size: 0x1000
19:07:53.0575 6788 Boot type: Normal boot
19:07:53.0575 6788 ============================================================
19:07:54.0340 6788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:54.0355 6788 ============================================================
19:07:54.0355 6788 \Device\Harddisk0\DR0:
19:07:54.0355 6788 MBR partitions:
19:07:54.0355 6788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
19:07:54.0355 6788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
19:07:54.0355 6788 ============================================================
19:07:54.0387 6788 C: <-> \Device\Harddisk0\DR0\Partition2
19:07:54.0387 6788 ============================================================
19:07:54.0387 6788 Initialize success
19:07:54.0387 6788 ============================================================
19:08:59.0969 6320 Deinitialize success


Log file 2:

19:09:19.0509 7604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:09:19.0680 7604 ============================================================
19:09:19.0680 7604 Current date / time: 2013/06/10 19:09:19.0680
19:09:19.0680 7604 SystemInfo:
19:09:19.0680 7604
19:09:19.0680 7604 OS Version: 6.1.7601 ServicePack: 1.0
19:09:19.0680 7604 Product type: Workstation
19:09:19.0680 7604 ComputerName: NOTEBOOK-N5050
19:09:19.0680 7604 UserName: smenz
19:09:19.0680 7604 Windows directory: C:\windows
19:09:19.0680 7604 System windows directory: C:\windows
19:09:19.0680 7604 Running under WOW64
19:09:19.0680 7604 Processor architecture: Intel x64
19:09:19.0680 7604 Number of processors: 2
19:09:19.0680 7604 Page size: 0x1000
19:09:19.0680 7604 Boot type: Normal boot
19:09:19.0680 7604 ============================================================
19:09:20.0180 7604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:09:20.0195 7604 ============================================================
19:09:20.0195 7604 \Device\Harddisk0\DR0:
19:09:20.0195 7604 MBR partitions:
19:09:20.0195 7604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
19:09:20.0195 7604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
19:09:20.0195 7604 ============================================================
19:09:20.0211 7604 C: <-> \Device\Harddisk0\DR0\Partition2
19:09:20.0211 7604 ============================================================
19:09:20.0211 7604 Initialize success
19:09:20.0211 7604 ============================================================
19:11:51.0063 6480 ============================================================
19:11:51.0063 6480 Scan started
19:11:51.0063 6480 Mode: Manual; SigCheck; TDLFS;
19:11:51.0063 6480 ============================================================
19:11:51.0734 6480 ================ Scan system memory ========================
19:11:51.0734 6480 System memory - ok
19:11:51.0734 6480 ================ Scan services =============================
19:11:52.0233 6480 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:11:52.0420 6480 1394ohci - ok
19:11:52.0451 6480 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:11:52.0483 6480 ACPI - ok
19:11:52.0514 6480 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:11:52.0607 6480 AcpiPmi - ok
19:11:52.0810 6480 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:11:52.0826 6480 AdobeARMservice - ok
19:11:53.0278 6480 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:11:53.0309 6480 AdobeFlashPlayerUpdateSvc - ok
19:11:53.0372 6480 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:11:53.0419 6480 adp94xx - ok
19:11:53.0481 6480 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:11:53.0512 6480 adpahci - ok
19:11:53.0543 6480 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:11:53.0590 6480 adpu320 - ok
19:11:53.0637 6480 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:11:53.0777 6480 AeLookupSvc - ok
19:11:53.0887 6480 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
19:11:53.0949 6480 AESTFilters - ok
19:11:54.0152 6480 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:11:54.0199 6480 AFD - ok
19:11:54.0214 6480 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:11:54.0261 6480 agp440 - ok
19:11:54.0261 6480 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:11:54.0323 6480 ALG - ok
19:11:54.0323 6480 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:11:54.0339 6480 aliide - ok
19:11:54.0339 6480 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:11:54.0355 6480 amdide - ok
19:11:54.0355 6480 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:11:54.0370 6480 AmdK8 - ok
19:11:54.0386 6480 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:11:54.0401 6480 AmdPPM - ok
19:11:54.0401 6480 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:11:54.0417 6480 amdsata - ok
19:11:54.0433 6480 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:11:54.0448 6480 amdsbs - ok
19:11:54.0448 6480 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:11:54.0464 6480 amdxata - ok
19:11:54.0495 6480 [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
19:11:54.0589 6480 ApfiltrService - ok
19:11:54.0604 6480 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:11:54.0791 6480 AppID - ok
19:11:54.0823 6480 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:11:54.0901 6480 AppIDSvc - ok
19:11:54.0947 6480 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
19:11:54.0994 6480 Appinfo - ok
19:11:55.0025 6480 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:11:55.0041 6480 arc - ok
19:11:55.0057 6480 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:11:55.0057 6480 arcsas - ok
19:11:55.0400 6480 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:11:55.0431 6480 aspnet_state - ok
19:11:55.0447 6480 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:11:55.0509 6480 AsyncMac - ok
19:11:55.0525 6480 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:11:55.0540 6480 atapi - ok
19:11:55.0571 6480 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\windows\system32\DRIVERS\btath_flt.sys
19:11:55.0634 6480 AthBTPort - ok
19:11:55.0681 6480 [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU C:\windows\system32\Drivers\AthDfu.sys
19:11:55.0805 6480 ATHDFU - ok
19:11:55.0915 6480 [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
19:11:55.0930 6480 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
19:11:55.0930 6480 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
19:11:55.0977 6480 [ 44FB485B94A8332D877F659366CEDBC8 ] AtherosSvc C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
19:11:55.0993 6480 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
19:11:55.0993 6480 AtherosSvc - detected UnsignedFile.Multi.Generic (1)
19:11:56.0086 6480 [ 80D6820DDB5427363A9D3F2137441C83 ] athr C:\windows\system32\DRIVERS\athrx.sys
19:11:56.0195 6480 athr - ok
19:11:56.0414 6480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:11:56.0476 6480 AudioEndpointBuilder - ok
19:11:56.0492 6480 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:11:56.0539 6480 AudioSrv - ok
19:11:56.0570 6480 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:11:56.0648 6480 AxInstSV - ok
19:11:56.0710 6480 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:11:56.0757 6480 b06bdrv - ok
19:11:56.0773 6480 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:11:56.0835 6480 b57nd60a - ok
19:11:56.0866 6480 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:11:56.0897 6480 BDESVC - ok
19:11:56.0897 6480 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:11:56.0944 6480 Beep - ok
19:11:56.0991 6480 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:11:57.0038 6480 BFE - ok
19:11:57.0069 6480 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:11:57.0178 6480 BITS - ok
19:11:57.0209 6480 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:11:57.0241 6480 blbdrive - ok
19:11:57.0272 6480 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:11:57.0319 6480 bowser - ok
19:11:57.0350 6480 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:11:57.0397 6480 BrFiltLo - ok
19:11:57.0412 6480 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:11:57.0428 6480 BrFiltUp - ok
19:11:57.0506 6480 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:11:57.0553 6480 Browser - ok
19:11:57.0553 6480 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:11:57.0599 6480 Brserid - ok
19:11:57.0599 6480 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:11:57.0631 6480 BrSerWdm - ok
19:11:57.0631 6480 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:11:57.0662 6480 BrUsbMdm - ok
19:11:57.0662 6480 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:11:57.0693 6480 BrUsbSer - ok
19:11:57.0755 6480 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\windows\system32\drivers\btath_a2dp.sys
19:11:57.0818 6480 BTATH_A2DP - ok
19:11:57.0849 6480 [ A9DF22429E8D69ED849B0BBBE16BD327 ] BTATH_BUS C:\windows\system32\DRIVERS\btath_bus.sys
19:11:57.0880 6480 BTATH_BUS - ok
19:11:57.0896 6480 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\windows\system32\DRIVERS\btath_hcrp.sys
19:11:57.0911 6480 BTATH_HCRP - ok
19:11:57.0958 6480 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\windows\system32\DRIVERS\btath_lwflt.sys
19:11:58.0005 6480 BTATH_LWFLT - ok
19:11:58.0036 6480 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\windows\system32\DRIVERS\btath_rcp.sys
19:11:58.0099 6480 BTATH_RCP - ok
19:11:58.0145 6480 [ FF59EE1DDAC776246F43BF434194650F ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
19:11:58.0208 6480 BtFilter - ok
19:11:58.0255 6480 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys
19:11:58.0301 6480 BthEnum - ok
19:11:58.0348 6480 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
19:11:58.0395 6480 BTHMODEM - ok
19:11:58.0395 6480 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:11:58.0426 6480 BthPan - ok
19:11:58.0457 6480 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
19:11:58.0598 6480 BTHPORT - ok
19:11:58.0645 6480 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:11:58.0676 6480 bthserv - ok
19:11:58.0754 6480 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
19:11:58.0785 6480 BTHUSB - ok
19:11:58.0801 6480 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:11:58.0832 6480 cdfs - ok
19:11:58.0847 6480 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:11:58.0925 6480 cdrom - ok
19:11:58.0957 6480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:11:59.0019 6480 CertPropSvc - ok
19:11:59.0050 6480 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\windows\system32\drivers\cfwids.sys
19:11:59.0081 6480 cfwids - ok
19:11:59.0113 6480 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
19:11:59.0144 6480 circlass - ok
19:11:59.0159 6480 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:11:59.0175 6480 CLFS - ok
19:11:59.0315 6480 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:11:59.0347 6480 clr_optimization_v2.0.50727_32 - ok
19:11:59.0409 6480 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:11:59.0440 6480 clr_optimization_v2.0.50727_64 - ok
19:11:59.0627 6480 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:11:59.0674 6480 clr_optimization_v4.0.30319_32 - ok
19:11:59.0705 6480 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:11:59.0737 6480 clr_optimization_v4.0.30319_64 - ok
19:11:59.0893 6480 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:11:59.0939 6480 CmBatt - ok
19:11:59.0955 6480 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:11:59.0955 6480 cmdide - ok
19:11:59.0986 6480 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
19:12:00.0033 6480 CNG - ok
19:12:00.0049 6480 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
19:12:00.0064 6480 Compbatt - ok
19:12:00.0064 6480 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:12:00.0095 6480 CompositeBus - ok
19:12:00.0111 6480 COMSysApp - ok
19:12:00.0111 6480 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:12:00.0127 6480 crcdisk - ok
19:12:00.0158 6480 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:12:00.0189 6480 CryptSvc - ok
19:12:00.0236 6480 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
19:12:00.0298 6480 CtClsFlt - ok
19:12:00.0329 6480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:12:00.0407 6480 DcomLaunch - ok
19:12:00.0423 6480 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:12:00.0517 6480 defragsvc - ok
19:12:00.0517 6480 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:12:00.0563 6480 DfsC - ok
19:12:00.0579 6480 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:12:00.0657 6480 Dhcp - ok
19:12:00.0657 6480 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:12:00.0751 6480 discache - ok
19:12:00.0766 6480 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:12:00.0782 6480 Disk - ok
19:12:00.0813 6480 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:12:00.0860 6480 Dnscache - ok
19:12:00.0875 6480 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:12:00.0922 6480 dot3svc - ok
19:12:01.0094 6480 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:12:01.0172 6480 DPS - ok
19:12:01.0203 6480 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:12:01.0250 6480 drmkaud - ok
19:12:01.0297 6480 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:12:01.0343 6480 DXGKrnl - ok
19:12:01.0375 6480 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:12:01.0437 6480 EapHost - ok
19:12:01.0515 6480 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:12:01.0640 6480 ebdrv - ok
19:12:01.0655 6480 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:12:01.0702 6480 EFS - ok
19:12:01.0780 6480 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:12:01.0858 6480 ehRecvr - ok
19:12:01.0858 6480 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:12:01.0889 6480 ehSched - ok
19:12:01.0936 6480 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:12:01.0999 6480 elxstor - ok
19:12:01.0999 6480 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:12:02.0061 6480 ErrDev - ok
19:12:02.0217 6480 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:12:02.0311 6480 EventSystem - ok
19:12:02.0326 6480 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:12:02.0357 6480 exfat - ok
19:12:02.0373 6480 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:12:02.0420 6480 fastfat - ok
19:12:02.0467 6480 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:12:02.0498 6480 Fax - ok
19:12:02.0513 6480 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:12:02.0529 6480 fdc - ok
19:12:02.0545 6480 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:12:02.0607 6480 fdPHost - ok
19:12:02.0623 6480 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:12:02.0654 6480 FDResPub - ok
19:12:02.0685 6480 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:12:02.0685 6480 FileInfo - ok
19:12:02.0701 6480 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:12:02.0732 6480 Filetrace - ok
19:12:02.0732 6480 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:12:02.0747 6480 flpydisk - ok
19:12:02.0763 6480 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:12:02.0779 6480 FltMgr - ok
19:12:02.0825 6480 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
19:12:02.0888 6480 FontCache - ok
19:12:02.0919 6480 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:12:02.0935 6480 FontCache3.0.0.0 - ok
19:12:02.0966 6480 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:12:02.0966 6480 FsDepends - ok
19:12:02.0981 6480 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:12:02.0981 6480 Fs_Rec - ok
19:12:03.0013 6480 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:12:03.0028 6480 fvevol - ok
19:12:03.0044 6480 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:12:03.0059 6480 gagp30kx - ok
19:12:03.0122 6480 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:12:03.0169 6480 GamesAppService - ok
19:12:03.0340 6480 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:12:03.0387 6480 gpsvc - ok
19:12:03.0481 6480 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:12:03.0512 6480 gupdate - ok
19:12:03.0512 6480 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:12:03.0527 6480 gupdatem - ok
19:12:03.0574 6480 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:12:03.0590 6480 gusvc - ok
19:12:03.0621 6480 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:12:03.0652 6480 hcw85cir - ok
19:12:03.0683 6480 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:12:03.0730 6480 HdAudAddService - ok
19:12:03.0730 6480 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:12:03.0793 6480 HDAudBus - ok
19:12:03.0808 6480 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:12:03.0824 6480 HidBatt - ok
19:12:03.0824 6480 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:12:03.0855 6480 HidBth - ok
19:12:03.0871 6480 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
19:12:03.0886 6480 HidIr - ok
19:12:03.0902 6480 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:12:03.0980 6480 hidserv - ok
19:12:03.0995 6480 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
19:12:04.0042 6480 HidUsb - ok
19:12:04.0105 6480 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys
19:12:04.0105 6480 HipShieldK - ok
19:12:04.0136 6480 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:12:04.0198 6480 hkmsvc - ok
19:12:04.0214 6480 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:12:04.0245 6480 HomeGroupListener - ok
19:12:04.0276 6480 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:12:04.0401 6480 HomeGroupProvider - ok
19:12:04.0479 6480 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:12:04.0526 6480 HpSAMD - ok
19:12:04.0541 6480 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:12:04.0588 6480 HTTP - ok
19:12:04.0604 6480 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:12:04.0604 6480 hwpolicy - ok
19:12:04.0635 6480 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:12:04.0651 6480 i8042prt - ok
19:12:04.0682 6480 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:12:04.0697 6480 iaStor - ok
19:12:04.0791 6480 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:12:04.0807 6480 IAStorDataMgrSvc - ok
19:12:04.0838 6480 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:12:04.0869 6480 iaStorV - ok
19:12:04.0931 6480 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:12:04.0994 6480 idsvc - ok
19:12:05.0275 6480 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:12:05.0602 6480 igfx - ok
19:12:05.0649 6480 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:12:05.0680 6480 iirsp - ok
19:12:05.0711 6480 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:12:05.0836 6480 IKEEXT - ok
19:12:05.0914 6480 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:12:05.0977 6480 IntcDAud - ok
19:12:05.0992 6480 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:12:06.0008 6480 intelide - ok
19:12:06.0023 6480 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:12:06.0055 6480 intelppm - ok
19:12:06.0070 6480 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:12:06.0117 6480 IPBusEnum - ok
19:12:06.0117 6480 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:12:06.0195 6480 IpFilterDriver - ok
19:12:06.0226 6480 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:12:06.0273 6480 iphlpsvc - ok
19:12:06.0289 6480 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:12:06.0320 6480 IPMIDRV - ok
19:12:06.0335 6480 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:12:06.0382 6480 IPNAT - ok
19:12:06.0398 6480 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:12:06.0429 6480 IRENUM - ok
19:12:06.0429 6480 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:12:06.0445 6480 isapnp - ok
19:12:06.0460 6480 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:12:06.0476 6480 iScsiPrt - ok
19:12:06.0491 6480 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:12:06.0491 6480 kbdclass - ok
19:12:06.0507 6480 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:12:06.0523 6480 kbdhid - ok
19:12:06.0538 6480 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:12:06.0538 6480 KeyIso - ok
19:12:06.0569 6480 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:12:06.0585 6480 KSecDD - ok
19:12:06.0679 6480 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:12:06.0725 6480 KSecPkg - ok
19:12:06.0913 6480 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:12:06.0991 6480 ksthunk - ok
19:12:07.0022 6480 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:12:07.0115 6480 KtmRm - ok
19:12:07.0147 6480 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:12:07.0193 6480 LanmanServer - ok
19:12:07.0209 6480 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:12:07.0271 6480 LanmanWorkstation - ok
19:12:07.0287 6480 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:12:07.0349 6480 lltdio - ok
19:12:07.0365 6480 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:12:07.0412 6480 lltdsvc - ok
19:12:07.0427 6480 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:12:07.0474 6480 lmhosts - ok
19:12:07.0537 6480 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:12:07.0583 6480 LMS - ok
19:12:07.0599 6480 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:12:07.0630 6480 LSI_FC - ok
19:12:07.0646 6480 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:12:07.0661 6480 LSI_SAS - ok
19:12:07.0661 6480 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:12:07.0677 6480 LSI_SAS2 - ok
19:12:07.0677 6480 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:12:07.0693 6480 LSI_SCSI - ok
19:12:07.0708 6480 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:12:07.0739 6480 luafv - ok
19:12:07.0942 6480 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
19:12:07.0973 6480 MBAMProtector - ok
19:12:08.0036 6480 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:12:08.0051 6480 MBAMScheduler - ok
19:12:08.0083 6480 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:12:08.0098 6480 MBAMService - ok
19:12:08.0239 6480 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
19:12:08.0270 6480 McAWFwk - ok
19:12:08.0363 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:12:08.0410 6480 McMPFSvc - ok
19:12:08.0410 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:12:08.0426 6480 mcmscsvc - ok
19:12:08.0457 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:12:08.0488 6480 McNaiAnn - ok
19:12:08.0519 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:12:08.0535 6480 McNASvc - ok
19:12:08.0660 6480 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
19:12:08.0691 6480 McODS - ok
19:12:08.0691 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:12:08.0707 6480 McOobeSv - ok
19:12:08.0722 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
19:12:08.0722 6480 McProxy - ok
19:12:08.0816 6480 [ 21F81090A00932C5E96700EDF2977582 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:12:08.0847 6480 McShield - ok
19:12:08.0878 6480 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:12:08.0925 6480 Mcx2Svc - ok
19:12:09.0159 6480 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:12:09.0190 6480 megasas - ok
19:12:09.0237 6480 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:12:09.0284 6480 MegaSR - ok
19:12:09.0299 6480 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:12:09.0315 6480 MEIx64 - ok
19:12:09.0331 6480 [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
19:12:09.0346 6480 mfeapfk - ok
19:12:09.0377 6480 [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
19:12:09.0393 6480 mfeavfk - ok
19:12:09.0424 6480 mfeavfk01 - ok
19:12:09.0455 6480 [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:12:09.0502 6480 mfefire - ok
19:12:09.0533 6480 [ CECC9841D036EE008091825272D91331 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
19:12:09.0549 6480 mfefirek - ok
19:12:09.0596 6480 [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
19:12:09.0643 6480 mfehidk - ok
19:12:09.0658 6480 [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet C:\windows\system32\drivers\mferkdet.sys
19:12:09.0674 6480 mferkdet - ok
19:12:09.0721 6480 [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp C:\Windows\system32\mfevtps.exe
19:12:09.0752 6480 mfevtp - ok
19:12:09.0799 6480 [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
19:12:09.0830 6480 mfewfpk - ok
19:12:09.0955 6480 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:12:10.0017 6480 MMCSS - ok
19:12:10.0033 6480 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:12:10.0079 6480 Modem - ok
19:12:10.0157 6480 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:12:10.0251 6480 monitor - ok
19:12:10.0267 6480 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:12:10.0267 6480 mouclass - ok
19:12:10.0282 6480 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
19:12:10.0329 6480 mouhid - ok
19:12:10.0329 6480 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:12:10.0345 6480 mountmgr - ok
19:12:10.0345 6480 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:12:10.0360 6480 mpio - ok
19:12:10.0360 6480 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:12:10.0407 6480 mpsdrv - ok
19:12:10.0438 6480 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:12:10.0485 6480 MpsSvc - ok
19:12:10.0501 6480 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:12:10.0516 6480 MRxDAV - ok
19:12:10.0563 6480 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:12:10.0641 6480 mrxsmb - ok
19:12:10.0657 6480 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:12:10.0672 6480 mrxsmb10 - ok
19:12:10.0688 6480 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:12:10.0703 6480 mrxsmb20 - ok
19:12:10.0703 6480 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:12:10.0719 6480 msahci - ok
19:12:10.0719 6480 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:12:10.0735 6480 msdsm - ok
19:12:10.0750 6480 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:12:10.0781 6480 MSDTC - ok
19:12:10.0797 6480 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:12:10.0844 6480 Msfs - ok
19:12:10.0844 6480 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:12:10.0891 6480 mshidkmdf - ok
19:12:10.0906 6480 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:12:10.0906 6480 msisadrv - ok
19:12:10.0922 6480 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:12:10.0969 6480 MSiSCSI - ok
19:12:10.0984 6480 msiserver - ok
19:12:11.0000 6480 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:12:11.0015 6480 MSK80Service - ok
19:12:11.0047 6480 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:12:11.0109 6480 MSKSSRV - ok
19:12:11.0125 6480 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:12:11.0187 6480 MSPCLOCK - ok
19:12:11.0187 6480 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:12:11.0218 6480 MSPQM - ok
19:12:11.0234 6480 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:12:11.0249 6480 MsRPC - ok
19:12:11.0265 6480 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:12:11.0265 6480 mssmbios - ok
19:12:11.0312 6480 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:12:11.0405 6480 MSTEE - ok
19:12:11.0421 6480 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:12:11.0483 6480 MTConfig - ok
19:12:11.0515 6480 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:12:11.0530 6480 Mup - ok
19:12:11.0577 6480 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:12:11.0639 6480 napagent - ok
19:12:11.0686 6480 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:12:11.0717 6480 NativeWifiP - ok
19:12:11.0811 6480 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
19:12:11.0842 6480 NAUpdate - ok
19:12:11.0905 6480 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:12:11.0983 6480 NDIS - ok
19:12:12.0014 6480 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:12:12.0061 6480 NdisCap - ok
19:12:12.0061 6480 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:12:12.0107 6480 NdisTapi - ok
19:12:12.0107 6480 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:12:12.0139 6480 Ndisuio - ok
19:12:12.0139 6480 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:12:12.0185 6480 NdisWan - ok
19:12:12.0185 6480 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:12:12.0279 6480 NDProxy - ok
19:12:12.0279 6480 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:12:12.0326 6480 NetBIOS - ok
19:12:12.0341 6480 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:12:12.0373 6480 NetBT - ok
19:12:12.0435 6480 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:12:12.0451 6480 Netlogon - ok
19:12:12.0529 6480 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:12:12.0607 6480 Netman - ok
19:12:12.0622 6480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:12.0638 6480 NetMsmqActivator - ok
19:12:12.0653 6480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:12.0669 6480 NetPipeActivator - ok
19:12:12.0685 6480 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:12:12.0778 6480 netprofm - ok
19:12:12.0778 6480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:12.0778 6480 NetTcpActivator - ok
19:12:12.0794 6480 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:12.0809 6480 NetTcpPortSharing - ok
19:12:12.0825 6480 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:12:12.0841 6480 nfrd960 - ok
19:12:12.0872 6480 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:12:12.0887 6480 NlaSvc - ok
19:12:12.0934 6480 [ 4903177FC90E77ABEB19021451E9475E ] nmwcd C:\windows\system32\drivers\ccdcmbx64.sys
19:12:13.0012 6480 nmwcd - ok
19:12:13.0028 6480 [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc C:\windows\system32\drivers\ccdcmbox64.sys
19:12:13.0059 6480 nmwcdc - ok
19:12:13.0199 6480 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
19:12:13.0309 6480 NOBU - ok
19:12:13.0324 6480 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:12:13.0355 6480 Npfs - ok
19:12:13.0387 6480 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:12:13.0449 6480 nsi - ok
19:12:13.0465 6480 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:12:13.0511 6480 nsiproxy - ok
19:12:13.0667 6480 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:12:13.0730 6480 Ntfs - ok
19:12:13.0730 6480 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:12:13.0777 6480 Null - ok
19:12:13.0777 6480 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:12:13.0792 6480 nvraid - ok
19:12:13.0808 6480 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:12:13.0823 6480 nvstor - ok
19:12:13.0823 6480 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:12:13.0839 6480 nv_agp - ok
19:12:13.0855 6480 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:12:13.0901 6480 ohci1394 - ok
19:12:13.0948 6480 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:12:13.0979 6480 ose - ok
19:12:14.0151 6480 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:12:14.0291 6480 osppsvc - ok
19:12:14.0323 6480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:12:14.0369 6480 p2pimsvc - ok
19:12:14.0401 6480 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:12:14.0416 6480 p2psvc - ok
19:12:14.0432 6480 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:12:14.0447 6480 Parport - ok
19:12:14.0463 6480 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:12:14.0479 6480 partmgr - ok
19:12:14.0479 6480 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:12:14.0525 6480 PcaSvc - ok
19:12:14.0557 6480 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfdx64.sys
19:12:14.0603 6480 pccsmcfd - ok
19:12:14.0666 6480 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:12:14.0681 6480 pci - ok
19:12:14.0697 6480 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:12:14.0713 6480 pciide - ok
19:12:14.0728 6480 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:12:14.0744 6480 pcmcia - ok
19:12:14.0744 6480 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:12:14.0759 6480 pcw - ok
19:12:14.0775 6480 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:12:14.0822 6480 PEAUTH - ok
19:12:15.0040 6480 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:12:15.0087 6480 PerfHost - ok
19:12:15.0181 6480 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:12:15.0274 6480 pla - ok
19:12:15.0305 6480 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:12:15.0368 6480 PlugPlay - ok
19:12:15.0383 6480 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:12:15.0430 6480 PNRPAutoReg - ok
19:12:15.0430 6480 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:12:15.0446 6480 PNRPsvc - ok
19:12:15.0477 6480 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:12:15.0555 6480 PolicyAgent - ok
19:12:15.0586 6480 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
19:12:15.0633 6480 Power - ok
19:12:15.0664 6480 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:12:15.0727 6480 PptpMiniport - ok
19:12:15.0742 6480 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:12:15.0773 6480 Processor - ok
19:12:15.0820 6480 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:12:15.0945 6480 ProfSvc - ok
19:12:15.0976 6480 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:12:16.0007 6480 ProtectedStorage - ok
19:12:16.0023 6480 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:12:16.0117 6480 Psched - ok
19:12:16.0163 6480 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
19:12:16.0195 6480 PxHlpa64 - ok
19:12:16.0257 6480 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:12:16.0335 6480 ql2300 - ok
19:12:16.0351 6480 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:12:16.0366 6480 ql40xx - ok
19:12:16.0382 6480 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:12:16.0397 6480 QWAVE - ok
19:12:16.0397 6480 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:12:16.0444 6480 QWAVEdrv - ok
19:12:16.0444 6480 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:12:16.0475 6480 RasAcd - ok
19:12:16.0522 6480 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:12:16.0569 6480 RasAgileVpn - ok
19:12:16.0585 6480 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:12:16.0631 6480 RasAuto - ok
19:12:16.0647 6480 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:12:16.0678 6480 Rasl2tp - ok
19:12:16.0694 6480 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:12:16.0741 6480 RasMan - ok
19:12:16.0741 6480 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:12:16.0787 6480 RasPppoe - ok
19:12:16.0787 6480 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:12:16.0834 6480 RasSstp - ok
19:12:16.0850 6480 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:12:16.0897 6480 rdbss - ok
19:12:16.0897 6480 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:12:16.0928 6480 rdpbus - ok
19:12:16.0928 6480 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:12:16.0959 6480 RDPCDD - ok
19:12:16.0975 6480 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:12:17.0068 6480 RDPENCDD - ok
19:12:17.0068 6480 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:12:17.0099 6480 RDPREFMP - ok
19:12:17.0162 6480 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:12:17.0224 6480 RdpVideoMiniport - ok
19:12:17.0271 6480 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:12:17.0318 6480 RDPWD - ok
19:12:17.0333 6480 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:12:17.0349 6480 rdyboost - ok
19:12:17.0365 6480 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:12:17.0411 6480 RemoteAccess - ok
19:12:17.0427 6480 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:12:17.0474 6480 RemoteRegistry - ok
19:12:17.0489 6480 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:12:17.0536 6480 RFCOMM - ok
19:12:17.0692 6480 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:12:17.0755 6480 RoxMediaDB12OEM - ok
19:12:17.0770 6480 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:12:17.0786 6480 RoxWatch12 - ok
19:12:17.0833 6480 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:12:17.0879 6480 RpcEptMapper - ok
19:12:17.0911 6480 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:12:17.0926 6480 RpcLocator - ok
19:12:17.0957 6480 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:12:18.0020 6480 RpcSs - ok
19:12:18.0067 6480 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:12:18.0129 6480 rspndr - ok
19:12:18.0316 6480 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
19:12:18.0347 6480 RSUSBSTOR - ok
19:12:18.0441 6480 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:12:18.0488 6480 RTL8167 - ok
19:12:18.0503 6480 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:12:18.0535 6480 SamSs - ok
19:12:18.0566 6480 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:12:18.0566 6480 sbp2port - ok
19:12:18.0597 6480 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:12:18.0659 6480 SCardSvr - ok
19:12:18.0659 6480 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:12:18.0706 6480 scfilter - ok
19:12:18.0737 6480 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:12:18.0800 6480 Schedule - ok
19:12:18.0831 6480 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:12:18.0862 6480 SCPolicySvc - ok
19:12:18.0878 6480 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:12:18.0893 6480 SDRSVC - ok
19:12:18.0940 6480 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:12:18.0971 6480 secdrv - ok
19:12:18.0987 6480 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:12:19.0018 6480 seclogon - ok
19:12:19.0034 6480 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:12:19.0112 6480 SENS - ok
19:12:19.0159 6480 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:12:19.0205 6480 SensrSvc - ok
19:12:19.0268 6480 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:12:19.0330 6480 Serenum - ok
19:12:19.0408 6480 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:12:19.0455 6480 Serial - ok
19:12:19.0471 6480 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:12:19.0502 6480 sermouse - ok
19:12:19.0611 6480 [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:12:19.0642 6480 ServiceLayer - ok
19:12:19.0673 6480 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:12:19.0736 6480 SessionEnv - ok
19:12:19.0751 6480 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:12:19.0783 6480 sffdisk - ok
19:12:19.0798 6480 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:12:19.0829 6480 sffp_mmc - ok
19:12:19.0845 6480 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:12:19.0907 6480 sffp_sd - ok
19:12:19.0907 6480 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:12:19.0923 6480 sfloppy - ok
19:12:20.0063 6480 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:12:20.0157 6480 SftService - ok
19:12:20.0173 6480 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:12:20.0266 6480 SharedAccess - ok
19:12:20.0282 6480 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:12:20.0344 6480 ShellHWDetection - ok
19:12:20.0422 6480 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:12:20.0453 6480 SiSRaid2 - ok
19:12:20.0500 6480 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:12:20.0531 6480 SiSRaid4 - ok
19:12:20.0578 6480 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:12:20.0609 6480 SkypeUpdate - ok
19:12:20.0625 6480 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:12:20.0656 6480 Smb - ok
19:12:20.0703 6480 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:12:20.0734 6480 SNMPTRAP - ok
19:12:20.0750 6480 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:12:20.0765 6480 spldr - ok
19:12:20.0812 6480 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:12:20.0859 6480 Spooler - ok
19:12:20.0953 6480 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:12:21.0093 6480 sppsvc - ok
19:12:21.0093 6480 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:12:21.0140 6480 sppuinotify - ok
19:12:21.0155 6480 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:12:21.0218 6480 srv - ok
19:12:21.0233 6480 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:12:21.0296 6480 srv2 - ok
19:12:21.0311 6480 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:12:21.0327 6480 srvnet - ok
19:12:21.0358 6480 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:12:21.0421 6480 SSDPSRV - ok
19:12:21.0421 6480 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:12:21.0467 6480 SstpSvc - ok
19:12:21.0686 6480 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:12:21.0733 6480 STacSV - ok
19:12:21.0748 6480 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:12:21.0764 6480 stexstor - ok
19:12:21.0826 6480 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
19:12:21.0873 6480 STHDA - ok
19:12:21.0920 6480 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:12:21.0967 6480 stisvc - ok
19:12:22.0013 6480 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:12:22.0045 6480 stllssvr - ok
19:12:22.0076 6480 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:12:22.0076 6480 swenum - ok
19:12:22.0123 6480 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:12:22.0232 6480 swprv - ok
19:12:22.0263 6480 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:12:22.0372 6480 SysMain - ok
19:12:22.0372 6480 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:12:22.0403 6480 TabletInputService - ok
19:12:22.0419 6480 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:12:22.0497 6480 TapiSrv - ok
19:12:22.0513 6480 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:12:22.0544 6480 TBS - ok
19:12:22.0793 6480 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:12:22.0856 6480 Tcpip - ok
19:12:22.0887 6480 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:12:22.0918 6480 TCPIP6 - ok
19:12:22.0949 6480 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:12:22.0996 6480 tcpipreg - ok
19:12:23.0012 6480 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:12:23.0059 6480 TDPIPE - ok
19:12:23.0059 6480 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:12:23.0074 6480 TDTCP - ok
19:12:23.0090 6480 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:12:23.0152 6480 tdx - ok
19:12:23.0168 6480 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:12:23.0168 6480 TermDD - ok
19:12:23.0230 6480 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:12:23.0293 6480 TermService - ok
19:12:23.0293 6480 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:12:23.0308 6480 Themes - ok
19:12:23.0355 6480 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:12:23.0402 6480 THREADORDER - ok
19:12:23.0433 6480 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:12:23.0495 6480 TrkWks - ok
19:12:23.0527 6480 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:12:23.0589 6480 TrustedInstaller - ok
19:12:23.0605 6480 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:12:23.0651 6480 tssecsrv - ok
19:12:23.0683 6480 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:12:23.0745 6480 TsUsbFlt - ok
19:12:23.0776 6480 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:12:23.0792 6480 TsUsbGD - ok
19:12:23.0885 6480 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:12:23.0932 6480 tunnel - ok
19:12:23.0932 6480 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:12:23.0948 6480 uagp35 - ok
19:12:23.0948 6480 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:12:24.0010 6480 udfs - ok
19:12:24.0041 6480 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:12:24.0057 6480 UI0Detect - ok
19:12:24.0057 6480 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:12:24.0073 6480 uliagpkx - ok
19:12:24.0088 6480 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:12:24.0104 6480 umbus - ok
19:12:24.0104 6480 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:12:24.0135 6480 UmPass - ok
19:12:24.0260 6480 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:12:24.0369 6480 UNS - ok
19:12:24.0400 6480 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:12:24.0478 6480 upnphost - ok
19:12:24.0509 6480 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:12:24.0587 6480 upperdev - ok
19:12:24.0619 6480 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:12:24.0681 6480 usbccgp - ok
19:12:24.0681 6480 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:12:24.0712 6480 usbcir - ok
19:12:24.0712 6480 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:12:24.0743 6480 usbehci - ok
19:12:24.0775 6480 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:12:24.0806 6480 usbhub - ok
19:12:24.0806 6480 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:12:24.0837 6480 usbohci - ok
19:12:24.0868 6480 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
19:12:24.0946 6480 usbprint - ok
19:12:25.0024 6480 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\windows\system32\drivers\usbser.sys
19:12:25.0071 6480 usbser - ok
19:12:25.0087 6480 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:12:25.0133 6480 UsbserFilt - ok
19:12:25.0149 6480 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:12:25.0196 6480 USBSTOR - ok
19:12:25.0211 6480 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:12:25.0227 6480 usbuhci - ok
19:12:25.0243 6480 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:12:25.0258 6480 usbvideo - ok
19:12:25.0289 6480 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:12:25.0367 6480 UxSms - ok
19:12:25.0383 6480 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:12:25.0414 6480 VaultSvc - ok
19:12:25.0445 6480 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:12:25.0477 6480 vdrvroot - ok
19:12:25.0508 6480 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:12:25.0555 6480 vds - ok
19:12:25.0555 6480 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:12:25.0570 6480 vga - ok
19:12:25.0570 6480 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:12:25.0617 6480 VgaSave - ok
19:12:25.0633 6480 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:12:25.0648 6480 vhdmp - ok
19:12:25.0648 6480 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:12:25.0664 6480 viaide - ok
19:12:25.0664 6480 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:12:25.0679 6480 volmgr - ok
19:12:25.0695 6480 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:12:25.0711 6480 volmgrx - ok
19:12:25.0726 6480 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:12:25.0742 6480 volsnap - ok
19:12:25.0757 6480 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:12:25.0773 6480 vsmraid - ok
19:12:25.0835 6480 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:12:25.0913 6480 VSS - ok
19:12:25.0913 6480 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:12:25.0929 6480 vwifibus - ok
19:12:25.0960 6480 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:12:25.0991 6480 vwififlt - ok
19:12:26.0023 6480 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:12:26.0069 6480 W32Time - ok
19:12:26.0132 6480 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:12:26.0179 6480 WacomPen - ok
19:12:26.0179 6480 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:12:26.0225 6480 WANARP - ok
19:12:26.0241 6480 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:12:26.0288 6480 Wanarpv6 - ok
19:12:26.0335 6480 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:12:26.0506 6480 wbengine - ok
19:12:26.0522 6480 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:12:26.0553 6480 WbioSrvc - ok
19:12:26.0553 6480 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:12:26.0600 6480 wcncsvc - ok
19:12:26.0600 6480 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:12:26.0647 6480 WcsPlugInService - ok
19:12:26.0678 6480 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:12:26.0693 6480 Wd - ok
19:12:26.0756 6480 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:12:26.0818 6480 Wdf01000 - ok
19:12:26.0834 6480 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:12:26.0927 6480 WdiServiceHost - ok
19:12:26.0927 6480 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:12:26.0943 6480 WdiSystemHost - ok
19:12:26.0974 6480 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:12:27.0005 6480 WebClient - ok
19:12:27.0021 6480 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:12:27.0099 6480 Wecsvc - ok
19:12:27.0161 6480 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:12:27.0208 6480 wercplsupport - ok
19:12:27.0302 6480 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:12:27.0349 6480 WerSvc - ok
19:12:27.0458 6480 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:12:27.0536 6480 WfpLwf - ok
19:12:27.0551 6480 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
19:12:27.0614 6480 WimFltr - ok
19:12:27.0629 6480 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:12:27.0645 6480 WIMMount - ok
19:12:27.0661 6480 WinDefend - ok
19:12:27.0692 6480 WinHttpAutoProxySvc - ok
19:12:27.0817 6480 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:12:27.0895 6480 Winmgmt - ok
19:12:27.0973 6480 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:12:28.0066 6480 WinRM - ok
19:12:28.0113 6480 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:12:28.0175 6480 Wlansvc - ok
19:12:28.0207 6480 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:12:28.0222 6480 wlcrasvc - ok
19:12:28.0628 6480 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:12:28.0737 6480 wlidsvc - ok
19:12:28.0768 6480 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
19:12:28.0799 6480 WmiAcpi - ok
19:12:28.0831 6480 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:12:28.0877 6480 wmiApSrv - ok
19:12:28.0893 6480 WMPNetworkSvc - ok
19:12:28.0940 6480 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:12:28.0987 6480 WPCSvc - ok
19:12:29.0002 6480 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:12:29.0033 6480 WPDBusEnum - ok
19:12:29.0049 6480 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:12:29.0096 6480 ws2ifsl - ok
19:12:29.0096 6480 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:12:29.0127 6480 wscsvc - ok
19:12:29.0127 6480 WSearch - ok
19:12:29.0221 6480 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:12:29.0314 6480 wuauserv - ok
19:12:29.0345 6480 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:12:29.0392 6480 WudfPf - ok
19:12:29.0501 6480 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:12:29.0611 6480 WUDFRd - ok
19:12:29.0642 6480 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:12:29.0689 6480 wudfsvc - ok
19:12:29.0720 6480 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll
19:12:29.0782 6480 WwanSvc - ok
19:12:29.0813 6480 ================ Scan global ===============================
19:12:29.0845 6480 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:12:29.0876 6480 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:12:29.0907 6480 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:12:29.0923 6480 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:12:29.0954 6480 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:12:29.0969 6480 [Global] - ok
19:12:29.0969 6480 ================ Scan MBR ==================================
19:12:30.0001 6480 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:12:30.0391 6480 \Device\Harddisk0\DR0 - ok
19:12:30.0391 6480 ================ Scan VBR ==================================
19:12:30.0391 6480 [ 5194AFC47CB281A614AE40A6CB9D9B25 ] \Device\Harddisk0\DR0\Partition1
19:12:30.0391 6480 \Device\Harddisk0\DR0\Partition1 - ok
19:12:30.0422 6480 [ 98DC1CDFF4AB0E27F5BFEF327D5B9724 ] \Device\Harddisk0\DR0\Partition2
19:12:30.0422 6480 \Device\Harddisk0\DR0\Partition2 - ok
19:12:30.0422 6480 ============================================================
19:12:30.0422 6480 Scan finished
19:12:30.0422 6480 ============================================================
19:12:30.0453 5232 Detected object count: 2
19:12:30.0453 5232 Actual detected object count: 2
19:14:59.0995 5232 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:59.0995 5232 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:59.0995 5232 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:59.0995 5232 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Thanks!

Looking forward to further instructions!

Regards
solonia


10.06.2013, 22:18   #6
markusg
/// Malware-holic

Hi,
take it easy, there is a lot to do today.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


10.06.2013, 22:56   #7
solonia

Hi,

I didn't mean to sound impatient! It wasn't meant that way either! I really appreciate your help and am happy to wait!

So, I had deactivated the firewall, anti-spam and active scan from McAfee, deleted Malwarebytes and then ran Combofix! It just ran ...

There were no problems starting Combofix .. the laptop did not switch itself off or anything!

And here is the log file:
Code:
ComboFix 13-06-08.02 - smenz 10.06.2013  22:39:08.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4004.2357 [GMT 2:00]
ausgeführt von:: c:\users\smenz\Desktop\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll
c:\users\smenz\GoToAssistDownloadHelper.exe
c:\users\smenz\Uninstall.exe
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-10 20:45 . 2013-06-10 20:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-10 12:10 . 2013-06-10 12:10	--------	d-----w-	c:\users\smenz\AppData\Roaming\Malwarebytes
2013-06-10 12:09 . 2013-06-10 12:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-10 12:09 . 2013-06-10 12:09	--------	d-----w-	c:\users\smenz\AppData\Local\Programs
2013-06-10 09:33 . 2013-06-10 09:33	--------	d-----w-	c:\program files (x86)\Common Files\Atheros
2013-06-02 13:27 . 2013-06-02 13:28	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-02 13:27 . 2013-06-02 13:27	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-02 13:27 . 2013-06-06 18:15	--------	d-----w-	c:\windows\SysWow64\WNLT
2013-06-02 13:27 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-02 13:27 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-05-23 12:09 . 2013-05-23 12:09	--------	d-----w-	c:\programdata\PC-Doctor for Windows
2013-05-23 12:08 . 2013-05-23 12:09	--------	d-----w-	c:\program files\My Dell
2013-05-15 16:35 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 16:35 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:35 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 16:35 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 16:35 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 16:35 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 16:34 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 16:34 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 16:34 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 16:34 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 16:34 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 16:34 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 17:03 . 2012-10-24 11:56	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 09:58 . 2012-07-04 14:47	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 09:58 . 2012-07-04 14:47	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-08 09:10 . 2010-06-24 16:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 10:08 . 2013-05-07 10:08	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 10:08 . 2013-05-07 10:08	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 10:08 . 2013-05-07 10:08	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-07 10:08 . 2013-05-07 10:08	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-07 10:08 . 2013-05-07 10:08	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-07 10:08 . 2013-05-07 10:08	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-07 10:08 . 2013-05-07 10:08	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-07 10:08 . 2013-05-07 10:08	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-07 10:08 . 2013-05-07 10:08	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-07 10:08 . 2013-05-07 10:08	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-07 10:08 . 2013-05-07 10:08	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-07 10:08 . 2013-05-07 10:08	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-07 10:08 . 2013-05-07 10:08	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-07 10:08 . 2013-05-07 10:08	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-07 10:08 . 2013-05-07 10:08	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-07 10:08 . 2013-05-07 10:08	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-07 10:08 . 2013-05-07 10:08	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 10:08 . 2013-05-07 10:08	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 10:08 . 2013-05-07 10:08	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-07 10:08 . 2013-05-07 10:08	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 10:08 . 2013-05-07 10:08	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-07 10:08 . 2013-05-07 10:08	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-07 10:08 . 2013-05-07 10:08	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-07 10:08 . 2013-05-07 10:08	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-07 10:08 . 2013-05-07 10:08	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-07 10:08 . 2013-05-07 10:08	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-07 10:08 . 2013-05-07 10:08	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-07 10:08 . 2013-05-07 10:08	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-07 10:08 . 2013-05-07 10:08	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-05-07 10:08 . 2013-05-07 10:08	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-07 10:08 . 2013-05-07 10:08	441856	----a-w-	c:\windows\system32\html.iec
2013-05-07 10:08 . 2013-05-07 10:08	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-07 10:08 . 2013-05-07 10:08	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 10:08 . 2013-05-07 10:08	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-07 10:08 . 2013-05-07 10:08	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-07 10:08 . 2013-05-07 10:08	235008	----a-w-	c:\windows\system32\url.dll
2013-05-07 10:08 . 2013-05-07 10:08	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-07 10:08 . 2013-05-07 10:08	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-07 10:08 . 2013-05-07 10:08	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-07 10:08 . 2013-05-07 10:08	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-07 10:08 . 2013-05-07 10:08	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-07 10:08 . 2013-05-07 10:08	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-07 10:08 . 2013-05-07 10:08	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-07 10:08 . 2013-05-07 10:08	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-07 10:08 . 2013-05-07 10:08	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-07 10:08 . 2013-05-07 10:08	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-07 10:08 . 2013-05-07 10:08	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-07 10:08 . 2013-05-07 10:08	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-07 10:08 . 2013-05-07 10:08	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-13 05:49 . 2013-05-15 16:35	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:35	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:35	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:35	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:35	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:35	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 12:32	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:32	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:32	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:32	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:32	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:32	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"="c:\users\smenz\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-01-31 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-05-09 577536]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\smenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 11:18	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 09:58]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cafeastrology.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Amazon MP3-Downloader - c:\users\smenz\Uninstall.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-10  22:47:26
ComboFix-quarantined-files.txt  2013-06-10 20:47
.
Vor Suchlauf: 9 Verzeichnis(se), 428.269.539.328 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 428.813.332.480 Bytes frei
.
- - End Of File - - D87664577282455FE64C7E03D9A218AB
D41D8CD98F00B204E9800998ECF8427E
         

So, I suppose we will continue tomorrow? I will be awake for a while yet (1.5-2 hours in any case), but please, no pressure! I could also go to bed and continue tomorrow, couldn't I?

I am so grateful for your help here!

One more question: I mostly only sent the log files; with the TDSS rootkit module I did not delete the files. Was that all correct?

Kind regards
s

Alt 10.06.2013, 23:45   #8
markusg
/// Malware-holic
 

Why was Malwarebytes run? Nothing had been said about that yet. Above all, where is the report?
http://www.trojaner-board.de/125889-...en-posten.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.

Alt 11.06.2013, 00:07   #9
solonia
 

Hello,

well, I sent the Malwarebytes report at the beginning of the thread! See right at the top, with the log file included! Do you remember?

And afterwards I deleted the finding, which you had also told me to do! And I uninstalled Malwarebytes because I wasn't sure whether it would prevent ComboFix from running! I can download it again at any time!

Everything okay?

To be safe, here is the log file from the beginning of this thread once more:
Log file:

[CODE]Logfile:

Should I delete or remove the file that was found?

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
smenz :: NOTEBOOK-N5050 [Administrator]

Schutz: Aktiviert

10.06.2013 14:11:37
MBAM-log-2013-06-10 (15-51-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351808
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
[/CODE]


Regards

solonia

Alt 11.06.2013, 00:18   #10
markusg
/// Malware-holic
 

Ah, I thought you had created another one.

:-)

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as txt. Open the file.
After each program you need, write "notwendig" (needed).
After each one you do not need, "unnötig" (unneeded).
After those you do not know, "unbekannt" (unknown).
Post the list.

Alt 11.06.2013, 01:03   #11
solonia
 

Hello at this late hour!

Yes, I am glad that the misunderstandings have been cleared up. :-)!

Here is the list of installed programs with the requested classification:

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	29.01.2013		3.5.0.1060 NOTWENDIG
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	15.05.2013	6,00 MB	11.7.700.202   NOTWENDIG
Adobe Reader X (10.1.7) MUI	Adobe Systems Incorporated	15.05.2013	480 MB	10.1.7		NOTWENDIG
Advanced Audio FX Engine	Creative Technology Ltd	07.12.2012		1.12.05			UNBEKANNT
Amazon Kindle	Amazon	16.12.2012									NOTWENDIG
Amazon MP3-Downloader 1.0.17	Amazon Services LLC	26.11.2012		1.0.17			NOTWENDIG
CCleaner	Piriform	24.05.2013		4.02						WEiterhin NOTWENDIG?
Dell DataSafe Local Backup	Dell Inc.	04.07.2012		9.4.67				NOTWENDIG
Dell DataSafe Local Backup - Support Software	Dell Inc.	04.07.2012		9.4.67		NOTWENDIG
Dell DataSafe Online	Dell	04.07.2012	6,46 MB	2.1.19634					NOTWENDIG
Dell MusicStage	Fingertapps	04.07.2012	90,4 MB	1.6.225.0					NOTWENDIG
Dell PhotoStage	ArcSoft	04.07.2012	165 MB	1.5.0.130						NOTWENDIG
Dell Stage	Fingertapps	04.07.2012	86,1 MB	1.7.209.0					NOTWENDIG
Dell Stage Remote	ArcSoft	04.07.2012	80,8 MB	2.0.0.43					NOTWENDIG
Dell Touchpad	ALPS ELECTRIC CO., LTD.	04.07.2012		7.1207.101.225				NOTWENDIG
Dell Webcam Central	Creative Technology Ltd	07.12.2012		2.01.17				NOTWENDIG
Dell WLAN and Bluetooth Client Installation	Dell Inc.	10.06.2013		9.0		NOTWENDIG
eBay	eBay Inc.	04.07.2012	604 KB	1.4.0							Unbekannt
FTDownloader	FTDownloader.com	12.12.2012		2.1 Build 26473				UNBEKANNT, NOTWENDIG?						
Google Chrome	Google Inc.	19.10.2012		27.0.1453.110					NOTWENDIG
Google Earth	Google	23.03.2013	173 MB	7.0.3.8542						NOTWENDIG
Google Toolbar for Internet Explorer	Google Inc.	19.01.2013		7.4.3607.2246		NOTWENDIG
IB Updater Service		02.06.2013		3.0.5.4	^					UNBEKANNT	
Intel(R) Control Center	Intel Corporation	11.06.2013		1.2.1.1007			NOTWENDIG
Intel(R) Management Engine Components	Intel Corporation	11.06.2013		7.0.0.1144	NOTWENDIG
Intel(R) Processor Graphics	Intel Corporation	11.06.2013		8.15.10.2342		NOTWENDIG
Intel(R) Rapid Storage Technology	Intel Corporation	11.06.2013		10.1.2.1004	NOTWENDIG
Internet Explorer Toolbar 4.6 by SweetPacks	SweetIM Technologies Ltd.	12.12.2012	4,27 MB	4.6.0004	UNNÖTIG
McAfee SecurityCenter	McAfee, Inc.	29.05.2013		11.6.511						NOTWENDIG
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.06.2012	38,8 MB	4.0.30319		NOTWENDIG
Microsoft .NET Framework 4 Extended	Microsoft Corporation	08.06.2012	51,9 MB	4.0.30319			NOTWENDIG
Microsoft Office Home and Student 2010	Microsoft Corporation	20.10.2012		14.0.6029.1000			NOTWENDIG
Microsoft Silverlight	Microsoft Corporation	14.03.2013	50,6 MB	5.1.20125.0					NOTWENDIG
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	04.07.2012	1,69 MB	3.1.0000		NOTWENDIG
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	20.10.2012	300 KB	8.0.61001		NOTWENDIG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	04.07.2012	234 KB	9.0.30729	NOTWENDIG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.07.2012	240 KB	9.0.30729	NOTWENDIG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	04.07.2012	596 KB	9.0.30729.4148	NOTWENdIG
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	21.10.2012	600 KB	9.0.30729.6161	NOTWENDIG
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	24.10.2012	11,0 MB	10.0.30319	NOTWENDIG
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	21.10.2012	1,27 MB	4.20.9870.0					UNBEKANNT					NOtWENDIG
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	21.10.2012	1,33 MB	4.20.9876.0					UNBEKANNT
My Dell	PC-Doctor, Inc.	23.05.2013	128 MB	3.3.6261.27									NOTWENDIG
Nokia Connectivity Cable Driver	Nokia	23.01.2013	3,96 MB	7.1.101.0							NOTWENDIG
Octoshape add-in for Adobe Flash Player		30.10.2012									NOTWENDIG								NOTWENDIG
PC Connectivity Solution	Nokia	23.01.2013	21,2 MB	12.0.76.0							NotWENDIG
Quickset64	Dell Inc.	04.07.2012	6,82 MB	10.09.25								NOTWENDIG
Realtek Ethernet Controller Driver	Realtek	04.07.2012		7.45.516.2011						NOTWENDIG
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	04.07.2012		6.1.7600.30126				NOTWENDIG
Shared C Run-time for x64	McAfee	25.10.2012	2,78 MB	10.0.0								NOTWENDIG
Similarity 1.8.1	GAR Software	08.05.2013	4,92 MB	1.8.1626							NOTWENDIG
Skype™ 5.10	Skype Technologies S.A.	20.10.2012	19,4 MB	5.10.116							NOTWENDIG
SweetIM for Messenger 3.7	SweetIM Technologies Ltd.	12.12.2012	5,12 MB	3.7.0007				unnötig
SyncUP	Nero AG	04.07.2012	288 MB	10.2.16500										NOTWENDIG
Update Manager for SweetPacks 1.1	SweetIM Technologies Ltd.	12.12.2012	2,76 MB	1.1.0008			unnötig
VideoStage		11.06.2013												NOTWENDIG
WildTangent-Spiele	WildTangent	04.07.2012		1.0.2.5								Noch nie gespielt!Unbekannt! War aber immer drauf auf Laptop!
Windows Live Essentials	Microsoft Corporation	04.07.2012		15.4.3508.1109						Notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	04.07.2012	5,57 MB	15.4.5722.2	NOTWENDIG
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)	Nokia	23.01.2013		05/31/2012 7.1.2.0	NOTWENDig
Yontoo 1.10.03	Yontoo LLC	10.10.2012	1,27 MB	1.10.03	   									UNBEKANNT
Zinio Reader 4	Zinio LLC	04.07.2012		4.2.4164   									UNBEKANNT
         
As for the Wild Tangent game ... maybe I will want to play it some day! So probably rather "notwendig"?

Regards

solonia

Hello markusg!

I have another question about what I am allowed to do on the side for now.

Yesterday I continued to surf the Internet, read on the Kindle, downloaded a book from Amazon, fetched my e-mails via Windows Live, created a Microsoft account, started burning the PC data such as pictures and documents to a CD as a backup, and wrote one or two documents in Word.

About the data backup: was that a stupid idea? Should I wait with it until the cleanup is finished and throw away the burned CD?

Oh yes, and surfing with Internet Explorer 10.0 no longer works, only with Chrome, since yesterday evening!

More precisely: what may I do on the side at the moment, and what should I avoid if possible? I did not do any online banking yesterday!

Okay, thanks as always!

S.

Alt 11.06.2013, 13:17   #12
markusg
/// Malware-holic
 

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the newest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Security (Enhanced):
Tick Enhanced Security
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK

Uninstall:
eBay
Google Toolbar: please do without toolbars; they are only an additional risk and slow down the browser.
IB Updater
Internet Explorer Toolbar
SweetIM
Update Manager
Yontoo
Zinio
Open CCleaner, Analyze, run it, restart the PC.
Surfing etc. is OK; you do not have to reinstall the system.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Reset IE to its defaults.
Resetting the Internet Explorer 7 settings

Alt 11.06.2013, 14:42   #13
solonia
 

Hello markusg,
I have removed all the programs mentioned! Adobe Reader and Flash Player removed and reinstalled!

Questions before I download AdwCleaner:

Uninstall Adobe AIR as well?

Settings in Adobe Reader:
all done, only under Security (Enhanced) I ticked Enhanced Security, but what is meant by "select all files"? There are none! There is only the "Add files" window further down?

So, I am downloading the cleaner now.

I have already reset IE to its defaults and restarted the PC. I hope that was not too hasty, in that I should have done it only after the AdwCleaner run.

Regards and until ... :-)!

Solonia

Alt 11.06.2013, 14:44   #14
markusg
/// Malware-holic
 

Hi,
under Security (Enhanced), "files from potentially unsafe sources" is selected; choose "all" there.
Adobe AIR can go.

Alt 11.06.2013, 15:00   #15
solonia
 

Hi again, markusg!

So,
Adobe AIR deleted; as for "all files", in Adobe X the checkbox for protecting all was still open. I have done that. I had CCleaner analyze,
and then restart, without running the Run Cleaner box?

Sorry for asking again! But better safe than sorry!

S.
